Struts validation framework
Web Application Security
By Satish Govindappa
Structure
• What, why, how: MVC?
– Concept and origin
– Execution process
• What, why, how: Web framework?
– Features
• What, why, how: Validation framework?
Pentesters
• Applications are getting smarter
• Applications are getting tougher
• Old strategy may not work
• Strategy: outside-in to inside-out
• Understanding of internals
Defenders
• How to write/suggest defensive programming
Big Picture
• MVC
• Frameworks
– Struts: Validation Framework
– Spring: Validation Framework
Advantages of MVC
• Easier to manage complexity
• Does not use view state or server-based forms
• Rich routing structure
• Support for test-driven development
• Supports large teams well
Data-validation Framework
Validation Strategy
• Centralize the data flow: Struts-config.xml
– List the address of the input form
• Control each field (piece of data): Validation form
– List each field; include all input fields
• Assign validation logic to each field: Validation.xml
– For each field, specify one or more validation rules
• Define validation logic: Validation-rules.xml
– Max length, min length, known-good validation
• Bind each field to a regular expression
[Figure: "Web App without framework". Labels: Max length, Min length, Known good (shown twice).]
[Figure: validation through Struts-config.xml and Validation.xml. Checks shown: Max length, Min length, Known good.]
Known-good regex: ^[0-9a-zA-Z]*$
Allowed characters: 0123456789 abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ
Inputs shown: null123, ‘--1, Abx12p, @!#$%
Values shown after validation: null123, Abx12p
Web App without framework
Regex: ^[a-z0-9_-]{3,15}$
• Characters allowed: a to z (lowercase only)
• Numbers allowed: 0 1 2 3 4 5 6 7 8 9
• Special chars allowed: underscore and hyphen
• Max length: 15
• Min length: 3
End
Slides will be uploaded to the null site and SlideShare…
Need hands-on… Scream for a bachaav session…
I am open to take a session…