Data that is not validated, or is poorly validated, is the root cause of a number of serious security vulnerabilities affecting applications, such as Cross-Site Scripting and SQL Injection. A paper entitled "A Modular Approach to Data Validation in Web Applications" presents an approach to performing thorough data validation in modern web applications so that the benefits of modular, component-based design (extensibility, portability and re-use) can be realised.
It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits and drawbacks of a number of common data validation strategies such as:…
Struts is by far the most common web framework, but it is by no means the only option. JavaServer Faces has made a splash lately, but there are a number of open source alternatives, including Spring MVC, WebWork, Tapestry, and Cocoon.
I’ve found two interesting presentations that survey these available web frameworks, taking a look at what kind of code and content you need to write for each, specific strengths or weaknesses, and how to select the best web framework for your unique application requirements.…
APT-Jelly provides a template-oriented interface to Sun’s Annotation Processing Tool (APT). As an alternative to other source-processing engines (e.g. XDoclet), APT-Jelly fully leverages Java syntax and features including annotations, generics and typesafe enums.