Review Article
A Closer Look at Intrusion Detection System for Web Applications
Table 9
Description of parameter categories.
| | Parameter category | Description | Examples | Validating Scheme |
| | Text | Holds both letters and numbers in the indeterminate range. | Username= John Smith
Address= Celeste Slater 606-3727, Roseville NH11523 | Blacklist of prohibited content | | Numeric | Holds only numbers. | Id=1254, Age=23 | Ensuring valid data type | | Enumerated | Consist of values of a fixed set of elements defined by the application business logic. | Gender=‘male’,’female’,’other’}
Married=‘yes’,’no’} | White-list of allowed values | | Format-Specific | The values which follow a rigid pattern. | Date= Nov 4, 2003 8:14 PM
Time= 8:14:11 PM | White-list of valid patterns | | Website address | Holds URL as a value. | Target=http://www.partnersite.com
Fwd=appadmin.jsp | White-list of valid URLs | | Application | The values which are set by application and must not be tampered at the client side. | JSESSIONID=ABAD1D
Price=12.3 | A list containing hashes of these values |
|
|
