WebApp Sec mailing list archives
A Modular Approach to Data Validation in Web Applications
From: Stephen de Vries <stephen () corsaire com>
Date: Mon, 27 Mar 2006 17:43:33 +0700
A Corsaire White Paper: A Modular Approach to Data Validation in Web Applications

Outline:
Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use, can be realised. It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits and drawbacks of a number of common data validation strategies such as:

- Validation in an external Web Application Firewall;
- Validation performed in the web tier (e.g. Struts); and
- Validation performed in the domain model.

Finally, a modular approach is introduced together with practical examples of how to implement such a scheme in a web application.

Download:
http://www.corsaire.com/white-papers/060116-a-modular-approach-to-data-validation.pdf