<iframe src="//www.googletagmanager.com/ns.html?id=GTM-KXSCJR" height="0" width="0" style="display:none;visibility:hidden">

New Feature: Typed Input Validation for Form Fields

Kunal Anand on Jul 31, 2014

padlocked_101

When we started Prevoty, one of our main goals was to give developers a systemic approach for creating and managing secure applications. Our product roadmap began with the ambition of preventing the most difficult OWASP attacks and over the last 18 months, our engineering team has created novel algorithms and technologies to prevent XSS, SQLi and CSRF. On top of that, our team has developed an on-premise version of the Prevoty engine while continuing to support nearly a dozen different SDKs + frameworks (servlet filters and HTTP modules). We've covered a lot of ground in such a short period of time!

As we met with prospects and customers over the past year, it became clear that there was a need for a particular kind of application security functionality: typed input validation. Lots of organizations perform input validation on form fields - for instance, ensuring that an email is valid or that a string meets the minimum criteria. We observed that many of them didn't really know how to perform input validation for specific types in a consistent, accurate manner. As an organization builds up its number of applications or develops in different languages, this technical debt can become a security nightmare.

We decided to build something to help.

Today, I'm pleased to announce that the Prevoty engine now supports the ability to perform input validation for specific types! We are providing developers with a consistent and accurate library that can be used from any of our SDKs.

We currently support the following validations:

  • Email
  • Base64
  • IP address
  • URL
  • String
  • Alpha
  • Numeric
  • Alphanumeric 

We're acutely aware that the above list isn't comprehensive or exhaustive -- it's simply a start and we have plenty more typed validations in our roadmap, including those for social security numbers, zip codes and many more.

If you'd like to see us support particular validations, please let us know at support@prevoty.com. We're always interested in hearing how we can reduce your security pain points. In the mean time, you can always check out our current SDKs and frameworks on our GitHub: https://github.com/prevoty

We hope these typed validations allow you to shorten your application development lifecycles. As always, you can contact us if you'd like to get started with an evaluation of Prevoty today.

 


Back to blog





Kunal Anand

Kunal Anand is the co-founder and CTO of Prevoty, a next-generation web application security platform. Prior to that, he was the Director of Technology at the BBC Worldwide, overseeing engineering and operations across the company’s global Digital Entertainment and Gaming initiatives. Kunal also has several years of experience leading security, data and engineering at Gravity, MySpace and NASA’s Jet Propulsion Laboratory. His work has been featured in Wired Magazine and Fast Company. He continues to develop the patented security technologies that power Prevoty’s core products. Kunal received a B.S. from Babson College.

Find me on:

Topics: Application Security, Prevoty Technology, Feature Updates