Category:OWASP Validation Project

Most web application platforms do not include features to validate user input. This leaves many organizations to craft their own validation mechanisms, often incomplete, flawed, and inefficient.

The OWASP Validation Project was created to provide guidance and tools related to validation. Our philosophy is that validation is required for every part of the HTTP request, including headers, querystring, cookies, form fields, and hidden fields.

Currently, several projects are underway to create validation tools for various technologies. Long term, the project plan is to isolate the validation rules from the engine that implements them, and to provide validation engines for the popular web application environments.

=Java=

The Stinger library is a full HTTP validation engine. It can be used as a library or as a J2EE filter. The full details are on the OWASP Stinger project page.

=Regex=

OWASP has started a repository for useful regular expressions. These expressions are an extremely powerful way to represent a complex set of validation rules. For example, ^\d{5}$ matches a string of exactly five digits. For details, please see the OWASP Validation Regex Repository.
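The following added example (not code from Stinger or any other OWASP project) shows the two ideas described above together: validation rules kept as data, separate from the engine, and anchored regular expressions applied to headers, query string, cookies, form fields, and hidden fields. All field names, patterns, and sample requests are constructed for illustration.

```python
import re

# Rules live in data, separate from the engine that applies them.
# Keys are (request part, field name); values are allow-list patterns.
# All names and patterns are constructed for illustration.
RULES = {
    ("header", "Accept-Language"): r"[A-Za-z]{2}(-[A-Za-z]{2})?",
    ("query", "zip"): r"\d{5}",
    ("cookie", "session"): r"[0-9a-f]{32}",
    ("form", "quantity"): r"[1-9]\d{0,2}",
    ("form", "item_id"): r"\d{1,10}",  # hidden field, still untrusted
}
COMPILED = {key: re.compile(pat) for key, pat in RULES.items()}


def validate_request(request):
    """Return (part, name, reason) for every rejected field."""
    errors = []
    for part, fields in request.items():
        for name, value in fields.items():
            rule = COMPILED.get((part, name))
            if rule is None:
                # Allow-list: a field without a rule is rejected.
                errors.append((part, name, "no rule defined"))
            # fullmatch anchors both ends; a bare `$` in Python would
            # also accept a value that ends with a newline.
            elif rule.fullmatch(value) is None:
                errors.append((part, name, "value does not match rule"))
    return errors


# Constructed sample requests.
GOOD = {
    "header": {"Accept-Language": "en-US"},
    "query": {"zip": "12345"},
    "cookie": {"session": "0123456789abcdef0123456789abcdef"},
    "form": {"quantity": "3", "item_id": "42"},
}
BAD = {
    "header": {"Accept-Language": "en-US"},
    "query": {"zip": "12345\n"},
    "cookie": {"session": "0123456789abcdef0123456789abcdef"},
    "form": {"quantity": "3", "item_id": "42x", "debug": "1"},
}

if __name__ == "__main__":
    print(validate_request(BAD))
```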

=PHP=

PHP Filter

=WebScarab=

WebScarab Parameter Parser

=News and Status=

Wed Nov 17 15:27:39 EST 2004 The validation project was started to pull together a number of validation related articles, tools, and techniques for a variety of technologies under one umbrella. The validation project is run by the OWASP Germany Chapter. The project leader and coordinator is Ali Mabrouk.

=Feedback and Participation=

We hope you find the Validation project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the Validation mailing list. Thanks!

To join the OWASP Validation mailing list or view the archives, please visit the subscription page.