Reducing user input validation code in web applications using Pex extension

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F14%3A00222526" target="_blank" >RIV/68407700:21230/14:00222526 - isvavai.cz</a>

Výsledek na webu

<a href="http://dl.acm.org/citation.cfm?id=2659532.2659633" target="_blank" >http://dl.acm.org/citation.cfm?id=2659532.2659633</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/2659532.2659633" target="_blank" >10.1145/2659532.2659633</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Reducing user input validation code in web applications using Pex extension

Popis výsledku v původním jazyce

Validation of user input data is very important in web application. Not only it protects the system from various exploits, but it also improves the user experience. User immediately sees what values are missing or are not valid and should be fixed. It isimportant to validate code on client side in the browser, but that does not mean that the validation on server side can be omitted. The golden rule of the web applications is not to trust user input and validate code on server side as well. The user input validation is therefore duplicated - it validates the input values first on client side using JavaScript before the data is sent to server and then the received data is validated again on the server side. Changes made to the validation code must be synchronized in code on both sides. All implementations must be also unit tested, multiple sets of unit tests must be created and maintained. We will describe how we extended white-box testing tool Pex to generate user input validation code

Název v anglickém jazyce

Reducing user input validation code in web applications using Pex extension

Popis výsledku anglicky

Validation of user input data is very important in web application. Not only it protects the system from various exploits, but it also improves the user experience. User immediately sees what values are missing or are not valid and should be fixed. It isimportant to validate code on client side in the browser, but that does not mean that the validation on server side can be omitted. The golden rule of the web applications is not to trust user input and validate code on server side as well. The user input validation is therefore duplicated - it validates the input values first on client side using JavaScript before the data is sent to server and then the received data is validated again on the server side. Changes made to the validation code must be synchronized in code on both sides. All implementations must be also unit tested, multiple sets of unit tests must be created and maintained. We will describe how we extended white-box testing tool Pex to generate user input validation code

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2014

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

ACM International Conference Proceeding Series, Volume 883

ISBN

978-1-4503-2753-4

ISSN

—

e-ISSN

—

Počet stran výsledku

7

Strana od-do

302-308

Název nakladatele

Bulgarian Chapter of ACM

Místo vydání

Rousse

Místo konání akce

Ruse

Datum konání akce

27. 6. 2014

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—