Struts validation framework Part 2
•Descargar como PPTX, PDF•
1 recomendación•3,473 vistas
null Bangalore January 2014 Meet
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Similar a Struts validation framework Part 2
Similar a Struts validation framework Part 2 (20)
Más de n|u - The Open Security Community
Más de n|u - The Open Security Community (20)
Último
Último (20)
Struts validation framework Part 2
- 1. Disclaimer opinions expressed here are my own and are a result of the way in which my mind interprets a particular situation or concept.
- 2. Courtesy Google for Images…. Slide share for Slides… Wikipedia for text…
- 3. Struts validation framework WEB Application Security
- 4. Structure what why how - MVC ? Concept and Origin Execution Process what why how - Web framework? Features what why how Validation framework?
- 5. Attacker’s – why should I care.. Applications are getting smarter Applications are getting tougher Old strategy may not work.. Strategy – outside inn to inside out Understanding of internals Defenders how to write/suggest defensive programming
- 6. SOFTWARE EVOLUTION Fist Prototype of a Computer Mouse 1979 Introduction of graphic “views” in computing Early Apple GUI Formulated by Norwegian computer scientist Trygve Reenskaug for Graphic User Interphase (GUI) software design, the MVC architecture was one of the primary outcomes of GUI development.
- 7. Software Architecture Pattern Separates representation of information from user interaction. Promotes: • Code Reusability • Separation of Concerns
- 8. Code Reusability Separation of Concerns • Shortens development • Improves code clarity and organization • Code Libraries • Design Patterns • Frameworks • Helps troubleshooting by isolating issues • Allows for multiple teams to develop simultaneously
- 9. Big Picture Design Patterns MVC Frameworks Struts Validation Framework Spring Validation Framework
- 10. Opportunity to attack Without framework • XSS • SQL injection • Command Injection • Xml injection With framework
- 11. Types of MVC Frameworks ASP.NET PHP (Zend, Symfony, CakePHP, CodeIgniter) Javascript ( Backbone.js, Ember.js, JavascriptMVC) Java (Struts, Spring, Expresso, Stripes, JSF, Tapestry, Wicket…) ASP.NET 4.0 Framework
- 12. Controller – Mediates input and commands for the model or view Model – Application data, business rules, logic, and functions. View – Output and representation of data MVC Execution Process
- 13. Advantages MVC • • • • • Easier to Manage Complexity Does not use view state or server based forms Rich Routing Structure Support for Test-Driven Development Supports Large Teams Well
- 15. Inputs Filters • Headers • Input form fields – Text, button, select, ratio, hidden, Browse • URL • Session / Cookie
- 16. Output filter • Response object • Automatic HTML entity encoding (spring)
- 17. Validation Strategy • Centralize the data flow : Struts-config.xml – List the address of the input form • Control each piece of field(data) :Validation form – List each Include all input fields • Assign validation logic to each field:Validation.xml – For each field, specify one or more validation rules • Define validation logic : Validation-rules.xml – Max length, min length, knowngood validation • Bind each field to a Regular expression
- 18. Web App with out framework Max length Min Length Knowngood Max length Min Length Known good
- 19. null123 ‘--1 Abx12p @!#$% Sturtsconfig.x ml Max length Validati on.xml Min Length Knowngood Max length Min Length Knowngood ^[0-9a-zA-Z]*$ null123 Abx12p null123 Abx12p 0123456789 abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ
- 20. Web App with out framework
- 22. Regex ^[a-z0-9_-]{3,15}$ Characters allowed a to z (only small case) Numbers allowed 0123456789 Special Chars allowed Underscore and Hyphen Max length 15 Min length 3
- 23. End.. Slides --- will be uploaded to null site and slide share… Need hands on… Scream for a bachaav session… I am open to take a session…