FML, a simple approach to web security
1. FML
A simple language for creating web forms
Valentina De Rosa
Bachelor's degree programme in Computer Science
Academic year 2010/2011
2. The only truly secure system is one that is powered off,
cast in a block of concrete and sealed in a lead-lined
room with armed guards.
— E. Spafford
3. WEB & APP: Welcome, please enjoy our user’s data!
4. SOME STATISTICS (1/2)
Sources: WhiteHat Website Security Statistics Report, OWASP Top Ten Project
Vulnerable sites: 84%
At least one vulnerability among the 3 most dangerous: 64%
5. SOME STATISTICS (2/2)
Sources: WhiteHat Website Security Statistics Report, OWASP Top Ten Project
Average number of critical vulnerabilities (per site): 230
7. FML
• allows an interaction to be described
• language similar to HTML
• semantic structure

<email>
  <configuration>
    <from>restaurant@pizzarealm.com</from>
    <to>$email</to>
    <subject>Reservation made by $surname</subject>
    <text>Mr./Ms. $surname reserved a table for $people peop
    <success>Thank you for reserving a table on $date. We'll
  </configuration>
  <form>
    <name id="surname">
      <label>Surname</label>
      <optional>false</optional>
    </name>
    <email id="email">
      <label>Email</label>
      <optional>false</optional>
    </email>
    <date id="date">
      <label>Reservation date</label>
      <optional>false</optional>
    </date>
    <time id="time">
      <label>Reservation time</label>
      <interval step="15">12:00-15:00</interval>
8. FML is not
(the slide repeats the reservation-form example from slide 7)
11. <!-- email_form.fml -->
<email>
  <configuration>
    <to>...</to>
    <subject>...</subject>
    ...
  </configuration>
  <form>
    <telephone>
      <label>...</label>
    </telephone>
    <singleChoice>
      <choice>...</choice>
      <choice>...</choice>
    </singleChoice>
    ...
  </form>
</email>
<!-- end -->
12. to 14. (slides repeating the email_form.fml skeleton from slide 11)
16. PROCESS: Page request (1/1)
[Architecture diagram; components shown: WWW, FML file, Parser, FMTree, Translator, XHTML, Javascript, Evaluator, Mail configuration, Database]
17. HTTP + DATA
Data submission 2
18. PROCESS: Data submission (1/1)
[Architecture diagram; components shown: WWW, FML file, Parser, FMTree, Translator, XHTML, Javascript, Evaluator, Mail configuration, Database]
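As an added example, not the project's own code: a minimal Evaluator step for the reservation form from slide 7, which checks each submitted value against its FML field type and the optional/interval settings before substituting the $variables of the configuration templates, so that nothing unvalidated can reach the mail headers. The per-field validation rules and the completed text line are assumptions of this example.

```python
# Added example (not the project's code): a minimal FML "Evaluator" that validates a submission
# against the slide-7 form and fills the mail template's $variables only from validated values.
import re
import xml.etree.ElementTree as ET

# Constructed FML document; ids and structure follow the page's sample, the <text> line is completed.
FML_DOC = """<email><configuration>
<from>restaurant@pizzarealm.com</from><to>$email</to><subject>Reservation made by $surname</subject>
<text>Mr./Ms. $surname reserved a table on $date at $time.</text>
</configuration><form>
<name id="surname"><label>Surname</label><optional>false</optional></name>
<email id="email"><label>Email</label><optional>false</optional></email>
<date id="date"><label>Reservation date</label><optional>false</optional></date>
<time id="time"><label>Reservation time</label><interval step="15">12:00-15:00</interval></time>
</form></email>"""

def _check_time(value, field):
    """Accept HH:MM that lies inside the <interval> range and on its step grid."""
    m, iv = re.fullmatch(r"(\d{2}):(\d{2})", value), field.find("interval")
    if not m or iv is None:
        return value if m else None
    minutes = int(m[1]) * 60 + int(m[2])
    lo, hi = (int(h) * 60 + int(mm) for h, mm in (p.split(":") for p in iv.text.split("-")))
    ok = lo <= minutes <= hi and (minutes - lo) % int(iv.get("step", "1")) == 0
    return value if ok else None
# One validator per FML field type (rules assumed here); names reject CR/LF to block mail header injection.
VALIDATORS = {
    "name": lambda v, f: v if re.fullmatch(r"[^\r\n<>]{1,64}", v) else None,
    "email": lambda v, f: v if re.fullmatch(r"[^\s@]+@[^\s@]+\.[^\s@]+", v) else None,
    "date": lambda v, f: v if re.fullmatch(r"\d{4}-\d{2}-\d{2}", v) else None,
    "time": _check_time,
}
def evaluate(fml_text, submission):
    """Return (errors, rendered): rendered is {to, subject, text} from validated values only."""
    root, values, errors = ET.fromstring(fml_text), {}, []
    for field in root.find("form"):
        fid = field.get("id")
        raw = submission.get(fid, "")
        if raw == "":  # absent: an error only when the field is declared mandatory
            if (field.findtext("optional") or "true").strip() == "false":
                errors.append(f"{fid}: required")
            continue
        values[fid] = VALIDATORS[field.tag](raw, field)
        if values[fid] is None:
            errors.append(f"{fid}: invalid")
    if errors:
        return errors, None
    return [], {k: re.sub(r"\$(\w+)", lambda m: values.get(m[1], m[0]), root.findtext(f"configuration/{k}"))
                for k in ("to", "subject", "text")}  # unknown $vars stay literal
```

A time field without an optional element is treated as optional, which is why a missing reservation time leaves $time unexpanded rather than failing the submission.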
20. Each time we create
a fool-proof system
the universe
creates a better fool