a guest
Oct 22nd, 2018
1. The need for input validation
availability
  - DoS: the application is attacked, crashed, exited or restarted
integrity
  - data is stolen, read or changed
integrity
  - modification of the control flow, execution of arbitrary commands

2. Data validation techniques
  - prevent attacks that rely on invalid input
  - canonicalization and normalization
  - avoid characters that have special meaning
    - control characters (values below 32 and above 127), metacharacters
  - strategies: encode known bad, accept exact match, reject known bad, use known good
  - use frameworks and APIs for validation
    - Java frameworks
    - Java APIs
  - use open source validation frameworks
    - example: OVal validates Java objects on request
  - use a servlet filter if possible, as the implementation is easy

3. Struts 1 data validation
  - can validate on both client and server side
  - called Commons Validator
  - avoid duplicate form names
  - implement the Struts validator class
    - ValidatorForm, ValidatorActionForm, ...
  - implement the validate function
    - must call super.validate()
  - enable the Struts validator in the action form mapping
  - check that the action form and the validation form have the same number of fields
  - the validate parameter must be set to true in the action mapping

Struts 2
  - built on the XWork framework
  - separates the actual validation logic from the application code
  - can handle both client and server side

4. Spring data validation
  - uses the supports() method to check whether the target class can be validated, and the validate() method to validate it
  - uses the Errors object to report information about the errors
  - custom validator by implementing the Validator interface for condition-based validations, e.g. age must be between 18 and 60

5. Common input validation errors
  - improper sanitization of untrusted data
    - leads to SQL injection

6. Common secure coding practices for input validation
  - use PreparedStatement
  - use stored procedures
  - use whitelisting and blacklisting
  - use getCanonicalPath() instead of getAbsolutePath()