Category:OWASP Content Validation using Java Annotations Project
The project was initially inspired by the input validation framework Heimdall, where the main goal is to provide a clear separation between validation and application logic. This separation was achieved by using an XML configuration file defining which tests were to be run on which object properties.
The first step of our project consisted of checking whether the need for an external XML file could be eliminated by using annotations to associate tests with object properties instead.
After a new input validation framework based on annotations was successfully implemented, the focus of the project shifted to investigating how far annotations can be pushed for validation purposes, while keeping their use as intuitive and simple as possible.
So far we have defined and implemented:
- composed annotations: these allow the user to combine existing annotations in a boolean fashion to create new tests without writing new code.
- cross annotations: these allow the user to define tests on multiple object properties that have inter-dependent validation constraints, rather than on single properties only.
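The two annotation kinds listed above, sketched as an added example that is not the project's own code: every annotation name (`Matches`, `AnyOf`, `NotGreater`), the `TransferFilter` class and the reflective `validate` method are hypothetical, and the sample inputs are constructed.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;

public class AnnotationValidationDemo {
    // All annotation names below are hypothetical, not the project's API.
    @Retention(RetentionPolicy.RUNTIME) @interface Matches { String value(); }
    // Composed test: boolean OR over existing single-property tests.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface AnyOf { Matches[] value(); }
    // Cross test: one constraint spanning two Integer properties.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface NotGreater { String lower(); String upper(); }

    @NotGreater(lower = "minAmount", upper = "maxAmount")
    static class TransferFilter {
        @AnyOf({@Matches("[0-9]{5}"), @Matches("[A-Z]{2}[0-9]{3}")})
        String branchCode;
        Integer minAmount, maxAmount;
        TransferFilter(String b, Integer lo, Integer hi) { branchCode = b; minAmount = lo; maxAmount = hi; }
    }

    static Object read(Object o, String name) throws ReflectiveOperationException {
        Field f = o.getClass().getDeclaredField(name);
        f.setAccessible(true);
        return f.get(o);
    }

    // Returns one message per failed test; missing (null) values fail closed.
    static List<String> validate(Object o) throws ReflectiveOperationException {
        List<String> errors = new ArrayList<>();
        for (Field f : o.getClass().getDeclaredFields()) {
            AnyOf any = f.getAnnotation(AnyOf.class);
            if (any == null) continue;
            Object v = read(o, f.getName());
            boolean ok = false;
            // String.matches is anchored, so the whole value must fit a pattern.
            for (Matches m : any.value()) ok |= v != null && v.toString().matches(m.value());
            if (!ok) errors.add(f.getName() + ": no alternative matched");
        }
        NotGreater ng = o.getClass().getAnnotation(NotGreater.class);
        if (ng != null) {
            Integer lo = (Integer) read(o, ng.lower()), hi = (Integer) read(o, ng.upper());
            if (lo == null || hi == null || lo > hi) errors.add(ng.lower() + " must not exceed " + ng.upper());
        }
        return errors;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one valid object, one failing both tests.
        System.out.println(validate(new TransferFilter("AB123", 10, 500)));
        System.out.println(validate(new TransferFilter("ab-123", 900, 500)));
    }
}
```

The validation rules live entirely in the annotations on `TransferFilter`; the class itself contains no checking logic, which is the separation between validation and application logic the project aims for.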
Other main features that characterize the framework are:
- Easy integration into any existing Java project
- High reusability of existing validation tests
- Possibility of creating new custom annotations with little effort
The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will help integrate this aspect of security into both new and existing applications.
The current goals are:
- Continuously improving the framework with frequent releases
- Extend the library of predefined annotations
- Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
- Investigate further uses of annotations for input validation
- Improve both the documentation
- Implement a better summary of the validation results, one that can contain custom error messages and is easy for the user to query
Full technical report TECHNICAL DOCUMENTATION
Project DOWNLOAD SITE
Email list owasp_cvuja_project
Bug Tracker : Sourceforge bug tracker