
OWASP Validation Documentation Project

From OWASP
Revision as of 14:44, 14 August 2006 by Esheridan


Overview

The most overlooked module in web applications is the input validation mechanism. Unfortunately, most developers are either unaware of the consequences or simply find developing input validation mechanisms “too hard”. Ever hear of a bank reporting that they've had several thousand credit card numbers stolen? Ever hear of the 'MySpace' worm? These issues would not exist had application developers implemented input validation correctly. Therefore, it is the goal of this document to provide a clear and detailed set of principles that should be incorporated in the development of an application-specific input validation mechanism.

Downloads

The first rough draft of the OWASP Validation Documentation can be found here.

News

OWASP Validation Documentation rough draft released! - 18:22, 4 August 2006 (EDT)

The OWASP Validation Project is pleased to announce the immediate availability of the OWASP Validation Documentation rough draft. The documentation is the result of a tireless effort to provide clear design goals when implementing input validation in web applications. The following is the document abstract:

Correctly implementing an input validation mechanism for a custom application is extremely difficult. It is then inevitable that large web applications will fall victim to this class of vulnerability. Therefore, a developer should have a clear understanding of how to successfully design and implement a reusable input validation mechanism for their applications. The OWASP Validation Documentation attempts to fulfill this requirement by providing the necessary design principles as well as an example implementation. This document is structured such that if a developer were to incorporate all of the presented design principles, then the result will be a complete and reusable input validation engine.

Feedback and Participation

We hope you find the Validation Documentation useful. Please contribute back to the project by sending your comments, questions, and suggestions to Eric Sheridan.

Project Sponsors

The OWASP Validation Documentation project is sponsored by aspect_logo.gif.