4. Structure
what why how - MVC?
Concept and Origin
Execution Process
what why how - Web framework?
Features
what why how - Validation framework?
5. Attackers – why should I care?
Applications are getting smarter
Applications are getting tougher
Old strategy may not work..
Strategy – outside in to inside out
Understanding of internals
Defenders
how to write/suggest defensive programming
6. SOFTWARE EVOLUTION
First Prototype of a Computer Mouse
1979
Introduction of graphic “views” in computing
Early Apple GUI
Formulated by Norwegian computer scientist Trygve Reenskaug for Graphical User Interface (GUI) software design, the MVC architecture was one of the primary outcomes of GUI development.
11. Types of MVC Frameworks
ASP.NET
PHP (Zend, Symfony, CakePHP, CodeIgniter)
JavaScript (Backbone.js, Ember.js, JavaScriptMVC)
Java (Struts, Spring, Expresso, Stripes, JSF, Tapestry, Wicket…)
ASP.NET 4.0 Framework
12. Controller – Mediates input and commands for the model or view
Model – Application data, business rules, logic, and functions.
View – Output and representation of data
MVC Execution Process
13. Advantages MVC
• Easier to Manage Complexity
• Does not use view state or server based forms
• Rich Routing Structure
• Support for Test-Driven Development
• Supports Large Teams Well
17. Validation Strategy
• Centralize the data flow: Struts-config.xml
– List the address of the input form
• Control each field (piece of data): Validation form
– List each field; include all input fields
• Assign validation logic to each field: Validation.xml
– For each field, specify one or more validation rules
• Define validation logic: Validation-rules.xml
– Max length, min length, known good validation
• Bind each field to a regular expression
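The strategy on this slide as an added, framework-neutral sketch (not Struts code and not from the original deck): one central rule table lists every field with its min length, max length and known-good pattern, and anything the table does not list is rejected. Field names, limits and sample submissions are constructed for illustration.

```python
import re

# Constructed rule table, playing the role of the slide's Validation.xml:
# every field of the form is listed once with min length, max length and a
# known-good (allow-list) pattern. Field names and limits are hypothetical.
RULES = {
    "username": {"min": 3, "max": 16, "known_good": r"[A-Za-z0-9_]+"},
    "zip":      {"min": 5, "max": 5, "known_good": r"[0-9]+"},
    "comment":  {"min": 0, "max": 200, "known_good": r"[A-Za-z0-9 .,!?'-]*"},
}

def validate(form, rules=RULES):
    """Return {field: [error, ...]}; an empty dict means the form passed."""
    errors = {}
    # Fields the form definition does not list are rejected, not ignored,
    # so no parameter reaches the controller without a rule.
    for name in form.keys() - rules.keys():
        errors.setdefault(name, []).append("unexpected field")
    for name, rule in rules.items():
        value = form.get(name)
        if not isinstance(value, str):
            errors.setdefault(name, []).append("missing or not a string")
            continue
        if len(value) < rule["min"]:
            errors.setdefault(name, []).append("below min length")
        if len(value) > rule["max"]:
            errors.setdefault(name, []).append("above max length")
        # fullmatch anchors the pattern to the whole value; re.match with a
        # trailing "$" would still accept a value that ends in "\n".
        if re.fullmatch(rule["known_good"], value) is None:
            errors.setdefault(name, []).append("not known good")
    return errors

# Constructed sample submissions.
GOOD = {"username": "alice_01", "zip": "90210", "comment": "Looks fine."}
BAD = {"username": "al", "zip": "90210\n", "comment": "<b>hi</b>", "role": "admin"}

if __name__ == "__main__":
    print(validate(GOOD))
    print(validate(BAD))
```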
18. Web App without framework
Max length
Min Length
Known good
Max length
Min Length
Known good