资 源 简 介
Classic ASP does not include any validation features by default. This leaves many organizations to craft their own validation mechanisms, often incomplete, flawed, and inefficient.
Lack of a centralized and well-defined input validation mechanism opens the application to a variety of attacks: including SQL Injection, Cross Site Scripting (XSS), and Command Injection. The OWASP Stinger Project aims to develop a centralized input validation component which can be easily applied to existing or developmental applications. Using a declarative security model, Stinger has the ability to validate all HTTP requests coming into an application. Stinger is such a simplistic yet strong validation engine that organizations have begun integrating it into their software development life-cycle.
How to use it?
Before we get into details, you can download the full code doing a SVN checkout. Al
