This is defense in depth. Consider UI input validation the outermost wall. In many ways this is a convenience for the users who are using your application as intended. Validations in the business layer are another wall. Validations in the data access layer are another wall. Validations in the database schema are a final wall. Each wall is important, and no wall removes the need to validate again at the next.
Logging failed input validations becomes a critical part of intrusion detection. Seeing that someone attempted a SQL injection attack gives you advance warning that someone is probing your system for vulnerabilities. Logging such details and keeping track of these logs may reassure you that your validations are working. It may also give you an indication of where future attacks may originate from. Every piece of information can be helpful.
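The walls and the logging described above, as an added example that is not part of the original post. It is a Python/sqlite3 sketch in which the table layout, function names, threshold and source addresses are all assumptions made for illustration.

```python
import logging
import re
import sqlite3
from collections import Counter

log = logging.getLogger("validation")
failures = Counter()                  # failed validations per source address
NAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
ALERT_THRESHOLD = 3                   # assumed value for this example

def open_db():
    db = sqlite3.connect(":memory:")
    # Final wall: the schema rejects bad rows even if every caller forgets to check.
    db.execute("CREATE TABLE users ("
               "name TEXT NOT NULL UNIQUE CHECK (length(name) BETWEEN 3 AND 20), "
               "age INTEGER NOT NULL CHECK (age BETWEEN 0 AND 150))")
    return db

def record_failure(layer, source, field, value):
    failures[source] += 1
    # repr() escapes control characters, so hostile input cannot forge log lines.
    log.warning("validation_failed layer=%s source=%s field=%s value=%s",
                layer, source, field, repr(value)[:80])

def add_user(db, source, name, age):
    # Business-layer wall: re-check even though the UI already validated.
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        record_failure("business", source, "name", name)
        return "rejected:business"
    if not isinstance(age, int) or not 0 <= age <= 150:
        record_failure("business", source, "age", age)
        return "rejected:business"
    return insert_user(db, source, name, age)

def insert_user(db, source, name, age):
    # Data-access wall: bound parameters keep input as data, never as SQL text.
    try:
        with db:
            db.execute("INSERT INTO users (name, age) VALUES (?, ?)", (name, age))
    except sqlite3.IntegrityError:
        record_failure("schema", source, "row", (name, age))
        return "rejected:schema"
    return "ok"

def suspicious_sources():
    # Sources whose failed validations reached the alert threshold.
    return sorted(s for s, n in failures.items() if n >= ALERT_THRESHOLD)
```

Calling `insert_user` directly stands in for a code path that skips the business layer; the schema constraint still rejects the row and the failure is still logged against the source.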