[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[WEB SECURITY] A Modular Approach to Data Validation in Web Applications
- From: Stephen de Vries <stephen@xxxxxxxxxxxx>
- Subject: [WEB SECURITY] A Modular Approach to Data Validation in Web Applications
- Date: Mon, 27 Mar 2006 17:43:33 +0700
A Corsaire White Paper:
A Modular Approach to Data Validation in Web Applications
Outline:
Data that is not validated or poorly validated is the root cause of a
number of serious security vulnerabilities affecting applications.
This paper presents a modular approach to performing thorough data
validation in modern web applications so that the benefits of modular
component based design; extensibility, portability and re-use, can be
realised. It starts with an explanation of the vulnerabilities
introduced through poor validation and then goes on to discuss the
merits and drawbacks of a number of common data validation strategies
such as:
- Validation in an external Web Application Firewall;
- Validation performed in the web tier (e.g. Struts); and
- Validation performed in the domain model.
Finally, a modular approach is introduced together with practical
examples of how to implement such a scheme in a web application.
Download:
http://www.corsaire.com/white-papers/060116-a-modular-approach-to-
data-validation.pdf
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
Brought to you by http://www.webappsec.org