Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentes Révision précédente Prochaine révision | Révision précédente Prochaine révisionLes deux révisions suivantes | ||
| en:cs:web_applications_threats_modeling [2017/02/16 14:43] – fraggle | en:cs:web_applications_threats_modeling [2017/02/16 15:05] – fraggle | ||
|---|---|---|---|
| Ligne 9: | Ligne 9: | ||
| Each web applications has a finite set of visibles parameters being in forms, URL parameters, ... called $ \mathcal{P} = \{p_{1}, | Each web applications has a finite set of visibles parameters being in forms, URL parameters, ... called $ \mathcal{P} = \{p_{1}, | ||
| - | All parameters are not typed: the HTTP protocol only transport text. | + | All parameters are not typed: the HTTP protocol only transport text. But we might consider the langage associated to each parameters $ p_{i} $ to ease the future data injection. |
| We will consider the set $ \mathcal{P} $ in the future. | We will consider the set $ \mathcal{P} $ in the future. | ||
| Ligne 35: | Ligne 35: | ||
| One way to build it is to start with an alphabet and some syntactic rules to combine each element in the alphabet in a meaningful fashion for security. | One way to build it is to start with an alphabet and some syntactic rules to combine each element in the alphabet in a meaningful fashion for security. | ||
| - | * Phase three: inject sensibly the data patterns in all inputs | + | * Phase three: inject sensibly the data patterns in all visible parameters |
| Inject. | Inject. | ||