Hi, the OWASP Guide is an excellent starter for Web
In chapter 10 on "Data Validation" (or the upcoming
Java chapter), I suggest adding pointers to validation
frameworks such as http://aspectsecurity.com/stinger/
P.S.: Especially since DoS has become a member of the OWASP
Top Ten, do not forget to mention their limitations -
i.e. that they often get called "late" (only after
finishing uploading, e.g., an illegitimate 2MB for a form
field specified to only hold 200 characters; for
example, Tomcat hands off to such "application level"
validation after finishing "http" processing - see
and related out-of-memory conceptual open ends of
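An added illustration of the "late validation" problem the post describes (example code written for this page, not from the post, the OWASP Guide or Stinger): the same 2MB body is fed to an application-level check that buffers everything before validating, and to a transport-level guard that rejects on the declared Content-Length or aborts the read as soon as the 200-character budget is exceeded. The field limit, the 2MB body and the chunk size are constructed values.

```python
import io
from typing import Optional, Tuple

MAX_FIELD_CHARS = 200  # constructed: the form field's declared limit, as in the post


def validate_late(body_stream: io.BufferedIOBase,
                  max_chars: int = MAX_FIELD_CHARS) -> Tuple[int, bool]:
    """Application-level validation as the post describes it: the container has
    already read the whole body before the validator sees it.
    Returns (bytes_consumed, accepted)."""
    data = body_stream.read()          # everything the client sent is buffered first
    return len(data), len(data) <= max_chars


def validate_early(body_stream: io.BufferedIOBase, declared_length: Optional[int],
                   max_chars: int = MAX_FIELD_CHARS, chunk: int = 1024) -> Tuple[int, bool]:
    """Guard placed before application validation: reject on the Content-Length
    header without reading the body, otherwise stream in bounded chunks and stop
    as soon as the budget is exceeded. Returns (bytes_consumed, accepted)."""
    if declared_length is not None and declared_length > max_chars:
        return 0, False                # nothing of the body is ever read
    consumed = 0
    buf = bytearray()
    while True:
        # never ask for more than one byte past the budget
        piece = body_stream.read(min(chunk, max_chars + 1 - consumed))
        if not piece:
            break
        consumed += len(piece)
        buf += piece
        if consumed > max_chars:
            return consumed, False     # abort with at most max_chars + 1 bytes buffered
    return consumed, True


def compare(body: bytes, declare_length: bool) -> dict:
    """Run one constructed request body through both strategies and report how
    many bytes each had to consume before deciding."""
    late = validate_late(io.BytesIO(body))
    early = validate_early(io.BytesIO(body), len(body) if declare_length else None)
    return {"late": late, "early": early}


if __name__ == "__main__":
    oversized = b"A" * (2 * 1024 * 1024)      # constructed: the 2MB upload from the post
    print(compare(oversized, declare_length=True))
    print(compare(oversized, declare_length=False))
```

With the header present the early guard consumes 0 bytes; without it, it stops after 201 bytes, while the late validator has already buffered all 2MB before it can say no.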