[OWASP-Ireland] Validator for .Net

Keary, Eoin eoin.keary at ie.fid-intl.com
Thu Mar 3 06:51:26 EST 2005


Anyone familiar with the commons validator for struts framework
(http://struts.apache.org/ <http://struts.apache.org/> ) may be interested
to know that foundstone (http://www.foundstone.com/
<http://www.foundstone.com/> ) are developing a .NET input validator.
The concept is to "wire" up the validator into your own .NET application.
This tool validates all input to your application for malicious characters
used for exploiting vulnerabilities.
"Writing code to check for every input field was often taxing, inefficient,
incomplete and not through. For the same reasons Microsoft provided
extensive validation framework in ASP.NET. The aim was to help developers
perform data validation routines faster and in a more efficient manner. Even
with the presence of these validators, data validations techniques are no
where near acceptable level."

Features:

	*	Provides an efficient way to apply effective data validation
techniques to existing .NET validation
	*	Does not require access to source code and therefore does
not change source code
	*	Integrates with any existing .NET web application
	*	Is composed of 2 parts
			o	Design Component, also called Configuration
Console
			o	Runtime Component
	*	Provides a centralized repository of rule set, such that
those rules can be repeatedly applied to multiple controls of the
application
	*	Allows custom rules to be written to the granularity of
every control on each form
	*	Generates a set of XML rules that can be deployed at
multiple applications 


The tool and documentation should be released next week according to
foundstone.

Regards,
Eoin



Eoin Keary
Principal Security Analyst
Team Lead (Irl)
Application Security Group
http://asg.fmr.com <http://asg.fmr.com> 
*internal: 8737 5582			
*external: +353-1-6145582
* eoin.keary at fid-intl.com
FISC - Ireland Ltd.,  Registered in Ireland no. 245656. Registered office:
Hardwicke House, 
Upper Hatch street, Dublin 2. Telephone +353-1-6145400.  Any comments or
statements
made are not necessarily those of Fidelity Investments, its subsidiaries, or
affiliates

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-ireland/attachments/20050303/1acf06ec/attachment.html 


More information about the Owasp-ireland mailing list