Cyber Security Expo
A Modular Approach to Data Validation in Web Applications by Stephen de Vries on 07/04/06

Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use, can be realised. It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. Finally, a modular approach is introduced together with practical examples of how to implement such a scheme in a web application. This follows two main principles:

Data should be validated in the data model, where the validation rules have maximum scope for interpreting the context; and

Escaping of harmful meta-characters should be performed just before the data is processed, typically in the data access components.

Implementing such a modular approach contributes to the application being loosely coupled and ensures that it can safely be extended and components reused, without incurring unnecessary development time to re-implement validation routines.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , All rights reserved. Comments are property of the respective posters.