Repel invalid requests

The Open Web Application Security Project has practical guidelines for implementing a secure web site. The first item on their list of security concerns is validating requests.

A reasonable approach is to first validate all requests before performing any other processing. Such checks can include:

Early in processing, sanity checks on parameter values may be either complete or partial validations.

Checks on parameter values might be performed at two stages in processing: early sanity checks (as described above), and later "business" validations. For example, if an Age is typed into a text input control, the parameter value can be validated in two steps:

This two-step validation style is used in the WEB4J framework. In WEB4J, business validations are performed by a Model Object constructor.

Controls in an HTML form can perform simple validations. For example, a control for entering a number may be assigned a minimum and maximum accepted value. In order to be secure and robust, an app should repeat such validations on the server side, since anything the browser enforces can be bypassed by a hand-built request.
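The two-step style described above (an early sanity check on the raw parameter, then a "business" validation in a Model Object constructor) and the server-side repeat of the form control's min/max bounds, as an added example that is not WEB4J code. The parameter names, the 0 to 120 age range and the `InvalidRequestException` type are assumptions made for the example; `Map.of` needs Java 9 or later.

```java
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Two-step validation of an "age" request parameter (added example, not framework code). */
public final class AgeRequestValidation {

  /** Step 1: early sanity check on the raw text. Only the shape of the value is checked here. */
  private static final Pattern AGE_SHAPE = Pattern.compile("[0-9]{1,3}");

  /** Thrown when a request fails either step; the message carries no user-controlled text. */
  public static final class InvalidRequestException extends RuntimeException {
    public InvalidRequestException(String message) { super(message); }
  }

  /** Model Object: its constructor performs the "business" validation (step 2). */
  public static final class Age {
    private final int value;
    public Age(int value) {
      // Same bounds an HTML number control might enforce with min/max, repeated on the server.
      if (value < 0 || value > 120) {
        throw new InvalidRequestException("age out of range");
      }
      this.value = value;
    }
    public int getValue() { return value; }
  }

  /** Reject requests whose parameters are not exactly the expected ones, before anything else. */
  public static String sanityCheckAge(Map<String, String> params) {
    if (params.size() != 1 || !params.containsKey("age")) {
      throw new InvalidRequestException("unexpected parameter set");
    }
    String raw = params.get("age");
    if (!AGE_SHAPE.matcher(raw).matches()) {
      throw new InvalidRequestException("age has unexpected form");
    }
    return raw;
  }

  /** Full pipeline: sanity check, parse, then business validation inside the constructor. */
  public static Age parseAge(Map<String, String> params) {
    return new Age(Integer.parseInt(sanityCheckAge(params)));
  }

  public static void main(String[] args) {
    System.out.println("accepted: " + parseAge(Map.of("age", "37")).getValue());
    // Constructed bad requests: wrong form, out of range, and an extra unexpected parameter.
    for (Map<String, String> bad : List.of(Map.of("age", "abc"), Map.of("age", "999"), Map.of("age", "37", "extra", "x"))) {
      try { parseAge(bad); } catch (InvalidRequestException e) { System.out.println("rejected: " + e.getMessage()); }
    }
  }
}
```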

See Also:
Parse parameters into domain objects
A Web App Framework WEB4J