SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies


CAVEAT: Facilitating Interactive and Secure Client-Side Validators for Ruby on Rails applications

Authors:
Timothy Hinrichs
Michael Cueno
Daniel Ruiz
Venkat Venkatakrishnan
Lenore Zuck

Keywords: Web applications, Data validation, Frameworks

Abstract:
Modern web applications validate user-supplied data in two places: the server (to protect against attacks such as parameter tampering) and the client (to give the user a rich, interactive data-entry experience). However, today’s web development frameworks provide little support for ensuring that client- and server-side validation is kept in sync. In this paper, we introduce CAVEAT, a tool that automatically creates client-side input validation for Ruby on Rails applications by analyzing server-side validation routines. The effectiveness of CAVEAT for new applications is demonstrated by developing three custom apps, and its applicability to existing applications is demonstrated by examining 25 open-source applications.

Pages: 126 to 133

Copyright: Copyright (c) IARIA, 2013

Publication date: August 25, 2013

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-298-1

Location: Barcelona, Spain

Dates: from August 25, 2013 to August 31, 2013