Application Security, Technology
During a recent penetration test on one of our clients' applications, we came across a case of malicious file propagation through the application server. The attack does not require an authenticated session. The vulnerable section is accessible by unauthenticated users. The attack involves an attacker submitting a malicious request (a...
In one of our Node.js projects, we used the Mongoose module to interact with MongoDB. Mongoose provides us with four types of built-in validation on a schema, as below: 1. Required: We can mark a field as required, which must be provided. 2. Limit: If a field is of type Number in the schema, then we can restrict the maximum and minimum value for that...
We usually specify validation constraints in domain classes and command objects. But if it is required to provide validation in other classes (like classes in src/groovy), we can do so in two ways: 1. Defining a static constraints property in the class and using the @Validateable annotation. 2. Defining a static constraints property...