Web Application Security

Web application security problems are as serious as network security problems. Attackers have begun to focus on web application security problems and are actively developing tools and techniques for detecting and exploiting them. This post presents the first web application security prevention case: validating input data.

Validate Input Data

The best way to prevent these problems is to ensure that every parameter is validated before it is used. A centralized component or library is likely to be the most effective, because all of the checking code is then in one place.

Each parameter should be checked against a strict format that specifies exactly what input will be allowed. “Negative” approaches that try to filter out known-bad input, or approaches that rely on signatures, are unlikely to be effective and may be difficult to maintain.

Parameters should be validated against a “positive” specification that defines:

  1. Data type (string, integer, real, etc…)
  2. Allowed character set
  3. Minimum and maximum length
  4. Whether null is allowed
  5. Whether the parameter is required or not
  6. Whether duplicates are allowed
  7. Numeric range
  8. Specific legal values (enumeration)
  9. Specific patterns (regular expressions)

Validation must cover every type of input carried by the HTTP request, including URLs, forms, cookies, query strings, hidden fields, and parameters.
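As an added example (not code from the original post), the nine-point positive specification above expressed as a small centralized checker: one `ParamSpec` per parameter, and a `validate_request` function that rejects anything the specification does not explicitly allow. The class and field names are assumptions, and the sample schema in the usage is constructed.

```python
import re
from dataclasses import dataclass

# Added example (not the post's own code): a "positive" spec per parameter
# covering the nine properties listed above; field names are assumptions.
@dataclass
class ParamSpec:
    kind: type = str                   # 1. data type: str, int or float
    charset: str = r"[A-Za-z0-9_.@-]"  # 2. regex matching one allowed character
    min_len: int = 1                   # 3. length bounds (inclusive)
    max_len: int = 64
    nullable: bool = False             # 4. is an empty value allowed?
    required: bool = True              # 5. must the parameter be present?
    duplicates: bool = False           # 6. may the name be sent more than once?
    num_range: tuple = None            # 7. (low, high) inclusive, numeric kinds only
    allowed: frozenset = None          # 8. enumeration of legal values
    pattern: str = None                # 9. full-match regular expression

def validate_param(name, values, spec):  # values: raw strings submitted as `name`
    if not values:
        return [f"{name}: required"] if spec.required else []
    if len(values) > 1 and not spec.duplicates:
        return [f"{name}: duplicate parameter"]
    errors = []
    for raw in values:
        if raw == "":
            errors += [] if spec.nullable else [f"{name}: empty value not allowed"]
            continue
        if not spec.min_len <= len(raw) <= spec.max_len:
            errors.append(f"{name}: bad length {len(raw)}")
        if not re.fullmatch(f"(?:{spec.charset})*", raw):
            errors.append(f"{name}: illegal character")
        if spec.pattern and not re.fullmatch(spec.pattern, raw):
            errors.append(f"{name}: does not match pattern")
        if spec.allowed is not None and raw not in spec.allowed:
            errors.append(f"{name}: not an allowed value")
        if spec.kind is not str:
            try:
                num = spec.kind(raw)
            except ValueError:
                errors.append(f"{name}: not a valid {spec.kind.__name__}")
                continue
            if spec.num_range and not spec.num_range[0] <= num <= spec.num_range[1]:
                errors.append(f"{name}: out of range")
    return errors

def validate_request(params, schema):  # params: name -> list of raw values
    # Parameters absent from the schema are rejected, keeping the policy positive.
    errors = [f"{n}: unexpected parameter" for n in params if n not in schema]
    for name, spec in schema.items():
        errors.extend(validate_param(name, params.get(name, []), spec))
    return errors
```

Because `params` is just a name-to-values map, the same checker can be fed query strings, form bodies, cookies and hidden fields alike.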
