The Open Software Engineering Journal
2008, 2 : 45-54Published online 2008 December 31. DOI: 10.2174/1874107X00802010045
Publisher ID: TOSEJ-2-45
Data Validation, Data Neutralization, Data Footprint: A Framework Against Injection Attack
ABSTRACT
Untrusted data validation is an important part of software security, yet most current validation techniques fall short in two ways: they lack practicality when it comes to validating data in large scale, real life applications, and they do not clearly identify the different goals of handling untrusted data securely. In this paper, we clarify the different, independent problems that “data validation” should solve, and we provide a clear and detailed three step process to data validation: a “data validation” step to protect the application itself against malicious users, a “data neutralization” step to protect other applications from malicious users of the application, and a “data footprint” step to protect against attacks on future, unforeseen components that will be connected to the application.