FML, a simple approach to web security
FML: a simple language for creating web forms
Valentina De Rosa
Bachelor's degree course in Computer Science
Academic year 2010/2011
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead–lined room with armed guards.”
— E. Spafford
WEB & APP: Welcome, please enjoy our user’s data!
SOME STATISTICS (1 / 2)
• Vulnerable sites: 84%
• At least one of the 3 most dangerous vulnerabilities: 64%
WhiteHat Website Security Statistics Report; OWASP Top Ten Project
SOME STATISTICS (2 / 2)
• Average number of critical vulnerabilities (per site): 230
WhiteHat Website Security Statistics Report; OWASP Top Ten Project
Existing solutions
[Figure: scale from + to - labelled "Programming skills"]
FML
• lets you describe an interaction
• HTML-like language
• semantic structure

```xml
<email>
  <configuration>
    <from>[email protected]</from>
    <to>$email</to>
    <subject>Reservation made by $surname</subject>
    <text>Mr./Ms. $surname reserved a table for $people people in date $date and time $time. Notes: $notes.</text>
    <success>Thank you for reserving a table on $date. We'll send you a confirmation email soon.</success>
  </configuration>
  <form>
    <name id="surname">
      <label>Surname</label>
      <optional>false</optional>
    </name>
    <email id="email">
      <label>Email</label>
      <optional>false</optional>
    </email>
    <date id="date">
      <label>Reservation date</label>
      <optional>false</optional>
    </date>
    <time id="time">
      <label>Reservation time</label>
      <interval step="15">12:00-15:00</interval>
      <interval step="15">20:00-23:00</interval>
      <optional>false</optional>
    </time>
    <singleChoice id="people">
      <label>How many people?</label>
      <optional>false</optional>
      <choiceRange>1-10</choiceRange>
    </singleChoice>
    <textarea id="notes">
      <label>Notes</label>
      <optional>true</optional>
    </textarea>
  </form>
</email>
```
FML is not
FML in detail
```xml
<!-- email_form.fml -->
<email>
  <configuration>
    <to>...</to>
    <subject>...</subject>
    ...
  </configuration>
  <form>
    <telephone>
      <label>...</label>
    </telephone>
    <singleChoice>
      <choice>...</choice>
      <choice>...</choice>
    </singleChoice>
    ...
  </form>
</email>
<!-- end -->
```
1. Page request (HTTP)
PROCESS: Page request (1 / 1)
[Diagram components: FML file, Parser, FMTree, Translator, Evaluator, Mail, Database, Configuration, XHTML, JavaScript, WWW]
2. Data submission (HTTP + data)
PROCESS: Data submission (1 / 1)
[Diagram components: FML file, Parser, FMTree, Translator, Evaluator, Mail, Database, Configuration, XHTML, JavaScript, WWW]
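An added sketch, not taken from the slides or from FML's own code: a server-side check in the role of the Evaluator at the data-submission step, deriving validation directly from the FML declarations (`optional`, `interval`, `choiceRange`) of the reservation form. The per-type rules in `CHECKS`, the length limits and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Abbreviated copy of the slides' reservation form (the <date> field is left out).
FML = """<email><form>
  <name id="surname"><optional>false</optional></name>
  <email id="email"><optional>false</optional></email>
  <time id="time"><optional>false</optional><interval step="15">12:00-15:00</interval>
    <interval step="15">20:00-23:00</interval></time>
  <singleChoice id="people"><optional>false</optional><choiceRange>1-10</choiceRange></singleChoice>
  <textarea id="notes"><optional>true</optional></textarea>
</form></email>"""

def minutes(hhmm):
    return int(hhmm[:2]) * 60 + int(hhmm[3:])

def time_ok(field, value):
    if not re.fullmatch(r"([01][0-9]|2[0-3]):[0-5][0-9]", value):
        return False
    t = minutes(value)
    for iv in field.findall("interval"):  # inside a window and on its step grid
        lo, hi = (minutes(x) for x in iv.text.split("-"))
        if lo <= t <= hi and (t - lo) % int(iv.get("step", "1")) == 0:
            return True
    return False

def choice_ok(field, value):
    lo, hi = (int(x) for x in field.findtext("choiceRange").split("-"))
    return bool(re.fullmatch(r"[0-9]{1,3}", value)) and lo <= int(value) <= hi

# Assumed per-type rules; fullmatch rejects CR/LF, so values stay on one header line.
CHECKS = {
    "name": lambda f, v: re.fullmatch(r"[^\W\d_][\w .'-]{0,63}", v) is not None,
    "email": lambda f, v: re.fullmatch(r"[\w.+-]+@[\w-]+(\.[\w-]+)+", v) is not None,
    "time": time_ok,
    "singleChoice": choice_ok,
    "textarea": lambda f, v: len(v) <= 1000 and "\x00" not in v,
}

def validate(fml, data):
    """Return {field id: error}; an empty dict means the submission is accepted."""
    form = ET.fromstring(fml).find("form")
    errors = {k: "unknown field" for k in set(data) - {f.get("id") for f in form}}
    for field in form:
        value = data.get(field.get("id"), "")
        if value == "" and field.findtext("optional") != "true":
            errors[field.get("id")] = "required"
        elif value != "" and not CHECKS[field.tag](field, value):
            errors[field.get("id")] = "invalid"
    return errors
```

The check runs on the server regardless of what the generated JavaScript already enforced in the browser, since `$surname` and `$email` end up in the `<subject>` and `<to>` of the outgoing mail.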
In conclusion
Each time we create a fool–proof system the universe creates a better fool
To infinity...
Thank you