This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Validation Documentation Project"
| Line 1: | Line 1: | ||
| − | =Overview= | + | ==Overview== |
| − | =News= | + | The most overlooked module in web applications is the input validation mechanism. Unfortunately, most developers are either unaware of the consequences or simply find developing input validation mechanisms “too hard”. Ever hear of a bank reporting that they've have several thousand credit card numbers stolen? Ever hear of the 'MySpace' worm? These issues would not exist had application developers implemented input validation correctly. Therefore, it is the goal of this document to provide a clear and detailed set of principals that should be incorporated in the development of an application specific input validation mechanism. |
| + | |||
| + | ==Downloads== | ||
| + | |||
| + | The first rough draft of the OWASP Validation Documentation can be found here. | ||
| + | |||
| + | ==News== | ||
'''OWASP Validation Documentation rough draft released! - 18:22, 4 August 2006 (EDT)''' | '''OWASP Validation Documentation rough draft released! - 18:22, 4 August 2006 (EDT)''' | ||
| Line 9: | Line 15: | ||
''Correctly implementing an input validation mechanism for a custom application is extremely difficult. It is then inevitable that large web applications will fall victim to this class of vulnerability. Therefore, a developer should have a clear understanding of how to successfully design and implement a reusable input validation mechanism for their applications. The OWASP Validation Documentation attempts to fulfill this requirement by providing the necessary design principals as well as an example implementation. This document is structured such that if a developer were to incorporate all of the presented design principals, then the result will be a complete and reusable input validation engine.'' | ''Correctly implementing an input validation mechanism for a custom application is extremely difficult. It is then inevitable that large web applications will fall victim to this class of vulnerability. Therefore, a developer should have a clear understanding of how to successfully design and implement a reusable input validation mechanism for their applications. The OWASP Validation Documentation attempts to fulfill this requirement by providing the necessary design principals as well as an example implementation. This document is structured such that if a developer were to incorporate all of the presented design principals, then the result will be a complete and reusable input validation engine.'' | ||
| + | ==Feedback and Participation == | ||
| + | |||
| + | We hope you find the Validation Documentation useful. Please contribute back to the project by sending your comments, questions, and suggestions to [mailto:[email protected] Eric Sheridan] | ||
| + | |||
| + | ==Project Sponsors== | ||
| + | |||
| + | The OWASP Validation Documentation project is sponsored by [http://www.aspectsecurity.com http://www.owasp.org/docroot/owasp/img/members/aspect_logo.gif]. | ||
[[Category:OWASP Validation Project]] | [[Category:OWASP Validation Project]] | ||
Revision as of 22:49, 4 August 2006
Overview
The most overlooked module in web applications is the input validation mechanism. Unfortunately, most developers are either unaware of the consequences or simply find developing input validation mechanisms “too hard”. Ever hear of a bank reporting that they've have several thousand credit card numbers stolen? Ever hear of the 'MySpace' worm? These issues would not exist had application developers implemented input validation correctly. Therefore, it is the goal of this document to provide a clear and detailed set of principals that should be incorporated in the development of an application specific input validation mechanism.
Downloads
The first rough draft of the OWASP Validation Documentation can be found here.
News
OWASP Validation Documentation rough draft released! - 18:22, 4 August 2006 (EDT)
The OWASP Validation Project is pleased to announce the immediate availability of the OWASP Validation Documentation rough draft. The documentation is the result of a tireless effort to provide clear design goals when implementing input validation in web applications. The following is the document abstract:
Correctly implementing an input validation mechanism for a custom application is extremely difficult. It is then inevitable that large web applications will fall victim to this class of vulnerability. Therefore, a developer should have a clear understanding of how to successfully design and implement a reusable input validation mechanism for their applications. The OWASP Validation Documentation attempts to fulfill this requirement by providing the necessary design principals as well as an example implementation. This document is structured such that if a developer were to incorporate all of the presented design principals, then the result will be a complete and reusable input validation engine.
Feedback and Participation
We hope you find the Validation Documentation useful. Please contribute back to the project by sending your comments, questions, and suggestions to Eric Sheridan
Project Sponsors
The OWASP Validation Documentation project is sponsored by 
.
