This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Content Validation using Java Annotations Project"

From OWASP

Jump to: navigation, search

Revision as of 09:33, 4 August 2009

The project was initially inspired by the input validation framework Heimdall [1], where the main goal is to provide a clear separation between validation and application logic. This separation was achieved by using an XML configuration file defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether the need for an XML external file could be eliminated by using annotations to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented, the focus of the project shifted to investigate how far annotations can be pushed for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:

composed annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
cross annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:

Easy integration in any esisting Java projects
High reusability of existing validation tests
Possibility of creating new custom annotations with little effort

A slide presentation is available here PDF

The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will help integrate this aspect of security into both new and existing applications.

Th current goals are:

Continuosly improving the framework with frequent releases
Extend the library of predefined annotations
Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
Investigate further uses of annotations for input validation

Project DOWNLOAD SITE

Project Identification

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What does this OWASP project release offer you?

what	is this project?
OWASP Content Validation using Java Annotations Project Purpose: We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework. We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.
who	is working on this project?
Project Leader: Federico Mancini, Dag Hovland, Khalid Azim Mughal Project Maintainer: Federico Mancini, Dag Hovland Project Contributor(s):
how	can you learn more?
Project Flyer/Pamphlet: validatorflyer.pdf Mail list: Subscribe or read the archives Project Roadmap: To view, click here Project main links: : http://shipvalidator.sourceforge.net, http://www.uib.no/ii/forskning/reports-in-informatics/reports-in-informatics-2000-2009 Project Health: Not reviewed To be reviewed under Assessment Criteria v2.0

Key Contacts
Contact Dag Hovland to contribute to this project, Contact Dag Hovland or GPC to review or sponsor this project, Contact GPC to report a problem or concern about this project or to update information.

current release
SHIP Validator 0.3 Release - July 2009 - (download) Release Leader: Federico Mancini, Dag Hovland, Khalid Azim Mughal Release details: Main links, release roadmap and assessment Rating: Not reviewed To be reviewed under Assessment Criteria v2.0
last reviewed release
None as yet
other releases
SHIP Validator 0.1 Release - May 2009 - (download) SHIP Validator 0.2 Release - June 2009 - Main links, release roadmap and assessment

Subcategories

This category has only the following subcategory.

O

► OWASP Content Validation using Java Annotations Project‎ (1 C)

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Content_Validation_using_Java_Annotations_Project&oldid=67188"

Categories:

@@ Line 3: / Line 3: @@
 = Overview =
-We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework. We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.
+The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
+where the main goal is to provide a clear separation between
+validation and application logic.
+This separation was achieved by using an XML configuration file
+defining which tests were to be run on which object properties.
+The first step of our project consisted in checking whether
+the need for an XML external file could be eliminated by using annotations
+to associate tests and object properties, instead.
+After a new input validation framework based on annotations was succesfully implemented,
+the focus of the project shifted to investigate how far annotations can be pushed
+for validation purpouses, while keeping their use as intuitive and simple as possible.
+At the moment we defined and implemented:
+* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
+* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.
+Other main features that characterize the framework are:
+* Easy integration in any esisting Java projects
+* High reusability of existing validation tests
+* Possibility of creating new custom annotations with little effort
+A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]
 = Project Goals =
+The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
+help integrate this aspect of security into both new and existing applications.
+Th current goals are:
+* Continuosly improving the framework with frequent releases
+* Extend the library of predefined annotations
+* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
+* Investigate further uses of annotations for input validation
 = Main Links =
+Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]
 ==== Project Identification ====

Difference between revisions of "Category:OWASP Content Validation using Java Annotations Project"

Revision as of 09:33, 4 August 2009

Main

Project Identification

Subcategories

O

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools