|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 A Modular Approach to Data Validation in Web Applications(Click here to view the original thread with full colors/images)Posted by: office politics [url=http://www.infosecwriters.com/text_resources/pdf/modular-approach-to-data-validation.pdf]A Modular Approach to Data Validation in Web Applications[/url] by Stephen de Vries on 07/04/06 Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use, can be realised. It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. Finally, a modular approach is introduced together with practical examples of how to implement such a scheme in a web application. This follows two main principles: • Data should be validated in the data model, where the validation rules have maximum scope for interpreting the context; and • Escaping of harmful meta-characters should be performed just before the data is processed, typically in the data access components. Implementing such a modular approach contributes to the application being loosely coupled and ensures that it can safely be extended and components reused, without incurring unnecessary development time to re-implement validation routines. vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |