CSC/ECE 517 Fall 2009/wiki2 17 va

From Expertiza_Wiki
Revision as of 22:45, 7 October 2009 by Salt (talk | contribs) (Initial start, set up the basic format)

I have copied things that help with formatting the page from my prior wiki. Feel free to add in anything that you think may help with formatting from your project.

Main topic (to keep us on track):

Note: Delete all the !!!! parts when done. These are notes while developing the wiki.

!!!! SOA provides another view of providing functionality based upon services offered in terms of protocols and a specific API. To provide services, platforms rely upon principles and the power that can be expressed through reflection and meta programming. Research and report how these critical concepts relate to and support SOA.

Service Oriented Architecture (SOA), Reflection, and Metaprogramming

Introduction

Body

!!!! How to format List:

  • A
  • B
  • C

Link:

  • Parametric Polymorphism (Ruby) - This language feature can handle a wide variety of inputs without crashing, but unexpected inputs may be processed in unexpected ways, causing the need for greater input testing. Tools have been developed to perform this testing.


  • Example: 15 Detailed examples can be found at 34
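 class Employee < ActiveRecord::Base
   # Confirmation fields must match their *_confirmation counterparts on create
   validates_confirmation_of :password, :email_address, :on => :create
   # Required attributes
   validates_presence_of :name, :sex, :age, :salary, :address
   validates_inclusion_of :sex, :in => %w(M F), :message => 'must be M or F'
   validates_inclusion_of :age, :within => 1..60
   # Salary is numeric, so check its value against the range
   # (validates_length_of would check the number of characters instead)
   validates_inclusion_of :salary, :allow_nil => false, :within => 50000..120000
   validates_length_of :address, :allow_blank => false, :allow_nil => false, :maximum => 500
 end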

Ruby and Rails also provide Test Unit, which should be used to test for this. Polymorphism in Rails makes it very important to perform these checks. Rails has a plugin, tarantula, a fuzzy spider. It crawls the Rails application, fuzzing inputs and analyzing what comes back. 7
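The following stand-alone sketch is an added example, not part of the original wiki page and not Rails or tarantula code. It mirrors the Employee rules in plain Ruby and feeds each field values of unexpected types, the way a fuzzer would, to show which ones a duck-typed check accepts without raising. The names `RULES`, `validate_employee`, `FUZZ_VALUES`, `fuzz_accepted` and `loose_age_ok?` are hypothetical, and the sample record is constructed.

```ruby
# Plain-Ruby stand-in for the Employee rules above (assumption: explicit type
# checks are added, which the ActiveRecord macros do not perform themselves).
RULES = {
  name:    ->(v) { v.is_a?(String) && !v.strip.empty? },
  sex:     ->(v) { %w(M F).include?(v) },
  age:     ->(v) { v.is_a?(Integer) && (1..60).include?(v) },
  salary:  ->(v) { v.is_a?(Integer) && (50000..120000).include?(v) },
  address: ->(v) { v.is_a?(String) && !v.strip.empty? && v.length <= 500 }
}

# Returns the fields that fail their rule; an empty list means the record is valid.
def validate_employee(attrs)
  RULES.reject { |field, rule| rule.call(attrs[field]) }.keys
end

# Constructed sample record that satisfies every rule.
VALID = { name: 'Ann', sex: 'M', age: 30, salary: 60000, address: '1 Main St' }

# Constructed fuzz values: types that Ruby methods often accept without raising.
FUZZ_VALUES = [nil, '', ' ', '30', 30.5, -1, 0, 61, [], ['M'], { x: 1 }, 'A' * 501, :M, true]

# Swap one field at a time for each fuzz value and collect every mutation
# that still passes validation, so a reviewer can decide whether it should.
def fuzz_accepted
  accepted = []
  VALID.each_key do |field|
    FUZZ_VALUES.each do |value|
      next if value == VALID[field]
      record = VALID.merge(field => value)
      accepted << [field, value] if validate_employee(record).empty?
    end
  end
  accepted
end

# A range test alone, with no type check, lets a Float through as an "age".
def loose_age_ok?(v)
  (1..60).include?(v)
end
```

The only mutations that survive are strings in `name` and `address`, including a 501-character name, because the rules above put a maximum length on `address` only.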


CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')

Appendix

Vulnerability: Susceptibility to attack. A detailed description can be found here


References

 !!!! Note: change these, they are here for example only

1. http://www.sans.org/top25errors/#s4 - Lists top 25 errors by category

2. http://guides.rubyonrails.org/security.html - Security features of Ruby

3. Thomas, Dave (2006). Programming Ruby, The Pragmatic Programmers' Guide.

4. Ruby, Sam et al. (2009). Agile Web Development with Rails, Third Edition.

Useful External Links