Review Article
A Closer Look at Intrusion Detection System for Web Applications
Table 9
Description of parameter categories.
| Parameter category | Description | Examples | Validating Scheme |
| --- | --- | --- | --- |
| Text | Holds both letters and numbers in an indeterminate range. | Username=John Smith; Address=Celeste Slater 606-3727, Roseville NH11523 | Blacklist of prohibited content |
| Numeric | Holds only numbers. | Id=1254, Age=23 | Ensuring valid data type |
| Enumerated | Consists of values from a fixed set of elements defined by the application business logic. | Gender={'male', 'female', 'other'}; Married={'yes', 'no'} | White-list of allowed values |
| Format-Specific | Values that follow a rigid pattern. | Date=Nov 4, 2003 8:14 PM; Time=8:14:11 PM | White-list of valid patterns |
| Website address | Holds a URL as a value. | Target=http://www.partnersite.com; Fwd=appadmin.jsp | White-list of valid URLs |
| Application | Values that are set by the application and must not be tampered with at the client side. | JSESSIONID=ABAD1D; Price=12.3 | A list containing hashes of these values |
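
The sketch below applies each validating scheme from Table 9 to a request's parameters. It is an added example, not code from the article: the policy, the deny-list pattern, the `seal`, `check` and `validate` helpers and the sample requests are all constructed assumptions.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed policy for a hypothetical application; all names and values are assumptions.
CATEGORY = {"Username": "text", "Id": "numeric", "Age": "numeric", "Gender": "enum",
            "Married": "enum", "Time": "format", "Target": "url", "Price": "app"}
DENY = re.compile(r"<\s*script|--|;", re.I)  # Text: blacklist of prohibited content
ENUMS = {"Gender": {"male", "female", "other"}, "Married": {"yes", "no"}}
PATTERNS = {"Time": re.compile(r"(1[0-2]|[1-9]):[0-5]\d:[0-5]\d (AM|PM)")}
URL_HOSTS = {"www.partnersite.com"}


def seal(name, value):
    """Hash the server stores when it sets an application parameter."""
    return hashlib.sha256(f"{name}={value}".encode()).hexdigest()


def check(name, value, issued):
    """Apply the validating scheme of the parameter's category."""
    cat = CATEGORY.get(name)
    if cat == "text":
        return DENY.search(value) is None
    if cat == "numeric":
        return value.isascii() and value.isdigit()
    if cat == "enum":
        return value in ENUMS[name]
    if cat == "format":
        return PATTERNS[name].fullmatch(value) is not None
    if cat == "url":
        parts = urlsplit(value)
        return parts.scheme in ("http", "https") and parts.hostname in URL_HOSTS
    if cat == "app":
        return seal(name, value) in issued  # issued: server-side list of hashes
    return False  # parameter not in the policy: reject


def validate(params, issued):
    """Return the sorted names of parameters that fail validation."""
    return sorted(n for n, v in params.items() if not check(n, v, issued))


# Constructed sample requests.
ISSUED = {seal("Price", "12.3")}
GOOD = {"Username": "John Smith", "Id": "1254", "Gender": "female",
        "Time": "8:14:11 PM", "Target": "http://www.partnersite.com", "Price": "12.3"}
BAD = {"Id": "12x4", "Gender": "unknown", "Target": "http://other.example/",
       "Price": "0.01", "Debug": "1"}
```

Only the Text category relies on a deny-list; every other category accepts a value only when it matches what the policy explicitly allows, and parameters absent from the policy are rejected.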