Presentation is loading. Please wait.

Presentation is loading. Please wait.

Input Validation For Free Text Fields ADD Project Members: Hagar Offer & Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Input Validation For Free Text Fields ADD Project Members: Hagar Offer & Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav."— Presentation transcript:

1 Input Validation For Free Text Fields ADD Project Members: Hagar Offer & Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav Attias

2

3 Prevent XSS attacks through free text fields. Companies in the market uses web applications to serve their clients. Many of these applications accept free-text fields. Our project goal is to stop such an application from accepting malicious script in this type of field.  Add types of fields  Change type of fields and their corresponding regular expressions  Edit regular expressions  Delete fields/regular expressions

4  Create new field using state machine – the user draws state machine and then regular expression created from the machine.  Create new field using regular expression & state machine – the user enters regular expression – then the system generates the corresponding state machine and the user can change the machine until he get the desired results.  Edit field using state machine.

5  Special site will be developed for testing purposes. Each filed will have representation.  Special software for attacks (Upscan) will be used.  Testing in iterations – revision regular expression every iteration. Engine that will go over a variety of inputs for a specific field, learn all the data, bad and/or good inputs and infer the regular expression representing this type of field according to the Information. ** this feature was not part of the original project and will be developed within the time limitations and deadlines.

6

7 JAR Library GUI Web Site Database

8  The database is based on XML, and the system using Java parsing XML classes to write/read from the XML files.  Contains all the types of fields, and for each filed a regular expression.  will be added to an existing code and prevent massive changes in it.  The main functionality of the library is to receive a text, check its validation using the regular expression that stored in the DB, and return whether the input text is valid or not.

9  connects the user to the database.  Display all the types of fields currently stored in the database.  Add new types of fields to the database using regular expressions, state machines etc.  For testing purposes.  contain free text field for each predefined type of field.  Using “UpScan” – attack software.

10

11 System (façade) Jflap package GUI classes Admin Field Jar Database Regex package MatcherPattern

12  represents field in the system.  has two main internal fields :  name: the name of the field  regex- a regular expression that represents all the language of all the valid inputs for this type of field.  writes and reads data from the XML files.  All the functions that concern retrieving and storing data are implemented in this class: store user, store field, retrieve user, retrieve field, etc.

13  functions as a façade class.  provides a unified interface to a set of interfaces in a subsystem.  connects the GUI (upper layer) with all the logic classes (bottom layers) such as the database, JFlap and REGEX classes.  All the functions from this class delegates the actions to the foundation classes that responsible of handling the actions.  this class and its methods will be used by external users to validate the free text fields.  has one main function called "validate“.  will be imported to projects and will be used as an external package.

14  handling all the GUI elements in the system.  uses small classes, that each one of them is part of the whole GUI.  uses some of the GUI components of the JFlap package (in the state machine functionalities).  represents administrator user in the system.  It has two fields: unique ID number and password.  deals with regular expressions.  already implemented in java and we will use it to manage and perform operations on regular expressions in the system.

15  represents big package of classes that deals with state machine.  has vast functionalities.  We will use mainly the tools to draw state machines and extract regular expressions from state machines.

16  Code:  System, regex, admin, field, GUI: 90% of the code implemented.  database: code implemented, there’s conceptual problem – how the JAR and GUI system should interact with the same XML file.  Jflap package: interaction with the package exists. Changes in the package itself need to be done to best answer the system requirements.  Testing site: site code is completed. Written in XHTML,CSS,PHP. Not yet been tested with the attacking program. (Upscan).  Learning engine: exploring the best algorithms to use particular to the project’s problem. With the assistance of Dr Gera Weiss and Dr Nir Eitan From Weizmann Institute of Science.

17

18 The user has three options to create new field.

19  “New field using Regular-Expression” – the user inserts new field name and matching regular expression.  “New field using State-Machine” – the user inserts field name and draw the matching state- machine in a new screen (the Jflap screen).  “New field using Regular-Expression and State-Machine” – the user inserts field name and regular expression. Then the matching state-machine will appear, and the user will have the option to change it.

20 The administrator has three options.

21  “Delete field” – the administrator chooses field name from list of fields, and the system deletes the field from the DB.  “Edit field” – the administrator chooses field name from list of fields and inserts a new regular expression.  “Edit field using state-machine” – the administrator chooses field name from list of fields, the matching state-machine will appear in the Jflap screen, and there he can change it.

22 In the Jflap screen the user will have the tools to draw state- machines

23  Database- use XML database(Amdocs requirement) or SQL server as database.  Learning Engine – what algorithm to use, the type of the “learning” database (good inputs or bad inputs).

24 The detailed tasks list is published in the full ADD document on the project website. In general: GUI + DB: February 2011 XSS prevention research: March 2011 Integration with the Jflap package: March 2011 Main functionalities: March-April 2011 Testing: April 2011 Attacks of our website: May 2011

25

Download ppt "Input Validation For Free Text Fields ADD Project Members: Hagar Offer & Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav."

Similar presentations

Publication Module using back end interface. Institution Data Entry Add Documents. Edit/Delete Documents that are added but not yet sent to Institution.

Publication Module using back end interface. Institution Data Entry Add Documents. Edit/Delete Documents that are added but not yet sent to Institution.
Business Development Suit Presented by Thomas Mathews.

Business Development Suit Presented by Thomas Mathews.
Tutorial 6 Creating a Web Form

Tutorial 6 Creating a Web Form
Microsoft Excel 2003 Illustrated Complete Excel Files and Incorporating Web Information Sharing.

Microsoft Excel 2003 Illustrated Complete Excel Files and Incorporating Web Information Sharing.
Edoclite and Managing Client Engagements What is Edoclite? How is it used at IU? Development Process?

Edoclite and Managing Client Engagements What is Edoclite? How is it used at IU? Development Process?
Computer Science and Computer Engineering. parts of the computer.

Computer Science and Computer Engineering. parts of the computer.
Chapter 12: ADO.NET and ASP.NET Programming with Microsoft Visual Basic.NET, Second Edition.

Chapter 12: ADO.NET and ASP.NET Programming with Microsoft Visual Basic.NET, Second Edition.
Input Validation For Free Text Fields Project Members: Hagar Offer &Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav Attias.

Input Validation For Free Text Fields Project Members: Hagar Offer &Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav Attias.
Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
System Analysis and Design

System Analysis and Design
Computer Science 101 Web Access to Databases Overview of Web Access to Databases.

Computer Science 101 Web Access to Databases Overview of Web Access to Databases.
Feeds Computer Applications to Medicine NSF REU at University of Virginia July 27, 2006 Paul Lee.

Feeds Computer Applications to Medicine NSF REU at University of Virginia July 27, 2006 Paul Lee.
Microsoft Office Word 2013 Expert Microsoft Office Word 2013 Expert Courseware # 3251 Lesson 4: Working with Forms.

Microsoft Office Word 2013 Expert Microsoft Office Word 2013 Expert Courseware # 3251 Lesson 4: Working with Forms.
UNIT-V The MVC architecture and Struts Framework.

UNIT-V The MVC architecture and Struts Framework.
Xpantrac connection with IDEAL Sloane Neidig, Samantha Johnson, David Cabrera, Erika Hoffman CS 4624 3/6/2014.

Xpantrac connection with IDEAL Sloane Neidig, Samantha Johnson, David Cabrera, Erika Hoffman CS /6/2014.
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.

1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
This presentation will guide you though the initial stages of installation, through to producing your first report Click your mouse to advance the presentation.

This presentation will guide you though the initial stages of installation, through to producing your first report Click your mouse to advance the presentation.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,

M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,

Similar presentations

Ads by Google