CSC/ECE 517 Fall 2009/wiki2 17 va
I have copied things that help with formatting the page from my prior wiki. Feel free to add in anything that you think may help with formatting from your project.
Main topic (to keep us on track):
Note: Delete all the !!!! parts when done. These are notes while developing the wiki.
!!!! SOA provides another view of providing functionality based upon services offered in terms of protocols and a specific API. To provide services, platforms rely upon principles and the power that can be expressed through reflection and meta programming. Research and report how these critical concepts relate to and support SOA.
Service Oriented Architecture (SOA), Reflection, and Metaprogramming
Introduction
Body=
!!!! How to format List:
- A
- B
- C
Link:
- Parametric Polymorphism (Ruby) - This language feature can handle a wide variety of inputs without crashing, but unexpected inputs may be processed in unexpected ways, causing the need for greater input testing. Tools have been developed to perform this testing.
class Employee < ActiveRecord::Base validates_confirmation_of :password, :email_address, :on => :create validates_presence_of :name, :sex, :age, :salary, :address validates_inclusion_of :sex, :in => %w(M F), :message => 'must be M or F' validates_inclusion_of :age, :within => 1..60 validates_length_of :salary :allow_nil => false, :within => 50000..120000 validates_length_of :address, :allow_blank => false, :allow_nil => false, :maximum => 500 end
Ruby and Rails also provides Test Unit which should be used to test for this. Polymorphism in Rails makes it very important to perform these checks. Rails has a plugin tarantula, a fuzzy spider. It crawls the rails application, fuzzing inputs and analyzing what comes back. 7
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
Appendix
Vulnerability: Susceptibility to attack. A detailed description can be found here
References
!!!! Note: change these, they are here for example only 1. http://www.sans.org/top25errors/#s4 - Lists top 25 errors by category
2. http://guides.rubyonrails.org/security.html - Security features of Ruby
3. Thomas, Dave (2006). Programming Ruby, The Pragmatic Programmers' Guide. 4. Ruby, Sam et al. (2009). Agile Web Development with Rails, Third Edition.
Useful External Links
- http://guides.rubyonrails.org/security.html - Ruby on Rails security
- http://www.owasp.org/ - Open Web Security Application Project