Application Security, Responsible Disclosures

Malicious exploitation of Unauthenticated Request submissions

During a recent penetration test on one of our clients' applications, we came across a case of malicious file propagation through the application server. The attack does not require an authenticated session. The vulnerable section is accessible by unauthenticated users. The attack involves an attacker submitting a malicious request (a...

by Ankit Giri
Tag: validation


Validation with Mongoose

In one of our Node.js projects, we used the Mongoose module to interact with MongoDB. Mongoose provides four types of built-in validation on a schema, as listed below: 1. Required: We can mark a field as required, which must be provided. 2. Limit: If a field is of type Number in the Schema, then we can restrict the maximum and minimum value for that...

by Amit Kumar
Tag: validation


Applying Validation Constraints in Classes other than Domain classes and Command Objects

We usually specify validation constraints in domain classes and command objects. But if validation is required in other classes (like classes in src/groovy), we can do so in two ways: 1. Defining a static constraints property in the class and using the @validateable annotation. 2. Defining a static constraints property...

by raj
Tag: validation