Untitled

1.The need of input validation
	availability
	-dos attacked, crashed, exited, restarted
	integrity
	-steal,read,change
	integrity
	-modification to the control flow,execute arbitary commands
2.Data validation techniques
	-preventing attack that happens with invalid inputs
	-canonicalization -normalization
	-avoid characters that have special meaning
	-normal control characters(inputs from keyboard that cannot be printed),
	value less than 32 and value higher than 127,
	metacharacters(;,&)
	-encode known bad, accept exact match, reject known bad, use known good
	-use frameworks and apis for validation
		-javaframework
		-javaapi
	-use open source validation frameworks
		-example: oVal-validates java objects as per user request
	-user servlet filter  for incoming request with annotations
3.Strut1 data validation
	-can validate both client and server side
	-called commonsvalidator
	-avoid duplication form names
	-implement strut validator class
		-validatorform,validatoractionform....
		-implement validate function
		-must call super.validate
	-enable strut validator in the action form mapping
	-check for similar number of fields in the action form and validation form
	-validate parameter must be set to true in the action mapping
	Strut2
	-implements XWork frameworks
	-separates the actual validation logic and application code
	-can handle both client and server side
4.Spring data validation
	-it uses support method to check if target class can be validated and validate method to validate
	-uses the error object to provide information on the errors
	-custom validator by using Validator interface for condition based validations-age must be between 18-60
5.Common input validation errors
	-improper sanitization of untrusted data
	-leads to SQL injection
6.Common secure coding practises for input validation
	-use preparedstatement
	-use StoredProcedures
	-use whitelisting and blacklisting
	-use getcanonicalpath() instead of getabsolutepath()