{"title":"数据验证,数据中和,数据足迹:一个防止注入攻击的框架","authors":"Guy-Vincent Jourdan","doi":"10.2174/1874107X00802010045","DOIUrl":null,"url":null,"abstract":"Untrusted data validation is an important part of software security, yet most current validation techniques fall short in two ways: they lack practicality when it comes to validating data in large scale, real life applications, and they do not clearly identify the different goals of handling untrusted data securely. In this paper, we clarify the different, independent problems that \"data validation\" should solve, and we provide a clear and detailed three step process to data validation: a \"data validation\" step to protect the application itself against malicious users, a \"data neutralization\" step to protect other applications from malicious users of the application, and a \"data footprint\" step to protect against attacks on future, unforeseen components that will be connected to the application.","PeriodicalId":262856,"journal":{"name":"The Open Software Engineering Journal","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Data Validation, Data Neutralization, Data Footprint: A Framework Against Injection Attacks\",\"authors\":\"Guy-Vincent Jourdan\",\"doi\":\"10.2174/1874107X00802010045\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Untrusted data validation is an important part of software security, yet most current validation techniques fall short in two ways: they lack practicality when it comes to validating data in large scale, real life applications, and they do not clearly identify the different goals of handling untrusted data securely. In this paper, we clarify the different, independent problems that \\\"data validation\\\" should solve, and we provide a clear and detailed three step process to data validation: a \\\"data validation\\\" step to protect the application itself against malicious users, a \\\"data neutralization\\\" step to protect other applications from malicious users of the application, and a \\\"data footprint\\\" step to protect against attacks on future, unforeseen components that will be connected to the application.\",\"PeriodicalId\":262856,\"journal\":{\"name\":\"The Open Software Engineering Journal\",\"volume\":\"68 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-01-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Open Software Engineering Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2174/1874107X00802010045\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Open Software Engineering Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2174/1874107X00802010045","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Data Validation, Data Neutralization, Data Footprint: A Framework Against Injection Attacks
Untrusted data validation is an important part of software security, yet most current validation techniques fall short in two ways: they lack practicality when it comes to validating data in large scale, real life applications, and they do not clearly identify the different goals of handling untrusted data securely. In this paper, we clarify the different, independent problems that "data validation" should solve, and we provide a clear and detailed three step process to data validation: a "data validation" step to protect the application itself against malicious users, a "data neutralization" step to protect other applications from malicious users of the application, and a "data footprint" step to protect against attacks on future, unforeseen components that will be connected to the application.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
