[WEB SECURITY] A Modular Approach to Data Validation in Web Applications

Stephen de Vries stephen at corsaire.com
Mon Mar 27 05:43:33 EST 2006

A Corsaire White Paper:

A Modular Approach to Data Validation in Web Applications


Data that is not validated or poorly validated is the root cause of a  
number of serious security vulnerabilities affecting applications.  
This paper presents a modular approach to performing thorough data  
validation in modern web applications so that the benefits of modular  
component-based design (extensibility, portability and re-use) can be
realised. It starts with an explanation of the vulnerabilities  
introduced through poor validation and then goes on to discuss the  
merits and drawbacks of a number of common data validation strategies  
such as:
- Validation in an external Web Application Firewall;
- Validation performed in the web tier (e.g. Struts); and
- Validation performed in the domain model.
Finally, a modular approach is introduced together with practical  
examples of how to implement such a scheme in a web application.


