Date posted: 12-Feb-2017
Category: Technology
Uploaded by: satish-govindappa
Struts Validation Framework: Web Application Security
By Satish Govindappa
Structure
• What, why, how: MVC? Concept and origin; execution process
• What, why, how: Web framework? Features
• What, why, how: Validation framework?
Pentesters: applications are getting smarter and tougher, so the old strategy may not work.
Strategy: move from outside-in to inside-out, with an understanding of the internals.
Defenders: how to write and suggest defensive programming.
Big Picture
• MVC
  – Frameworks
    • Struts: Validation Framework
    • Spring: Validation Framework
Advantages of MVC
• Easier to manage complexity
• Does not use view state or server-based forms
• Rich routing structure
• Support for test-driven development
• Supports large teams well
Data-validation Framework
Validation Strategy
• Centralize the data flow: struts-config.xml
  – List the address of the input form
• Control each piece of field (data): validation form
  – Include all input fields
• Assign validation logic to each field: validation.xml
  – For each field, specify one or more validation rules
• Define validation logic: validation-rules.xml
  – Max length, min length, known-good validation
• Bind each field to a regular expression
[Diagram: input flow through the validation pipeline, with and without a framework. Each input passes three checks in turn: max length, min length, known-good. With the framework, the input form is routed via struts-config.xml and validated against validation.xml; the known-good rule is the regex ^[0-9a-zA-Z]*$ (0-9, a-z, A-Z). Sample inputs: null123, ‘--1, Abx12p, @!#$%; only null123 and Abx12p pass.]
Regex: ^[a-z0-9_-]{3,15}$
• Characters allowed: a to z (lowercase only)
• Numbers allowed: 0 1 2 3 4 5 6 7 8 9
• Special characters allowed: underscore and hyphen
• Max length: 15
• Min length: 3
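The three-stage check (max length, min length, known-good regex) run over the deck's sample inputs, as an added Python example that is not part of the slides or of Struts itself; the length bounds for the alphanumeric pattern are assumed, since the slide names the checks but not their values. It also shows why the known-good regex must be applied as a full match rather than a prefix match.

```python
import re

# Constructed sample inputs modelled on the deck's diagram (straight quote in
# place of the slide's curly one), plus one with a trailing newline.
SAMPLES = ["null123", "'--1", "Abx12p", "@!#$%", "abc\n"]

# The two known-good patterns shown on the slides.
ALNUM = r"^[0-9a-zA-Z]*$"          # letters and digits, no length bound of its own
USERNAME = r"^[a-z0-9_-]{3,15}$"   # lowercase, digits, _ and -, 3 to 15 chars


def validate(value, pattern, min_len, max_len):
    """Apply the deck's three checks in order: max length, min length,
    then the known-good regex. Returns (accepted, reason)."""
    if len(value) > max_len:
        return False, "too long"
    if len(value) < min_len:
        return False, "too short"
    # fullmatch insists the whole value matches; see prefix_match_only below.
    if re.fullmatch(pattern, value) is None:
        return False, "bad characters"
    return True, "ok"


def check_all(samples, pattern, min_len, max_len):
    """Map each sample to its accept/reject decision."""
    return {s: validate(s, pattern, min_len, max_len)[0] for s in samples}


def prefix_match_only(pattern, value):
    """The trap: re.match anchors only the start, and '$' also matches just
    before a trailing newline, so 'abc\\n' slips past ^[0-9a-zA-Z]*$ here."""
    return re.match(pattern, value) is not None


if __name__ == "__main__":
    # Assumed length bounds for ALNUM (the slide names the checks, not values).
    for s, ok in check_all(SAMPLES, ALNUM, 1, 10).items():
        print(repr(s), "alnum:", ok)
    for s, ok in check_all(SAMPLES, USERNAME, 3, 15).items():
        print(repr(s), "username:", ok)
    print("re.match lets 'abc\\n' through:", prefix_match_only(ALNUM, "abc\n"))
```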
End
Slides will be uploaded to the null site and SlideShare.
Need hands-on? Scream for a bachaav session; I am open to take a session.