ethical hacking


Input Validation

Input Validation Information & Resources




Input:

1) Something put into a system or expended in its operation to achieve output or a result.
2) Computer Science. A position, terminal, or station at which input enters a system.

Validation:

1) (computer science) The act of testing for compliance with a standard.

 

Input validation can help you defend your applications from malicious hackers.

Nearly every active attack out there is the result of some kind of input from an attacker. Secure programming is about making sure that inputs from bad people do not do bad things.

Indeed, most computer security experts agree that most C and C++ vulnerabilities result from malicious inputs. For example, cryptography and a strong authentication protocol can help prevent attackers from capturing someone's login credentials and sending those credentials as input to the program.

C and C++ do not perform array-bounds checking, which turns out to be a security-critical issue, particularly in handling strings. The risks increase even more dramatically when user-controlled data is on the program stack (i.e., is a local variable).

There are many solutions to this problem, but none that are satisfying in every situation. You may want to rely on operational protections (such as the grsecurity project), use a library for safe string handling, or even use a different programming language.
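The stack-buffer problem described above, as an added example that is not part of the original page: an unchecked `strcpy()` into a local array beside a copy routine that validates length and character set before it writes anything. The function names, the 16-byte `NAME_BUF` size and the allowlist are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16 /* constructed size for this example */

/* Unchecked: strcpy() copies up to the source NUL regardless of the
 * destination size, so input of NAME_BUF bytes or more writes past the
 * stack array. Shown for contrast only; nothing here calls it. */
size_t copy_name_unchecked(const char *input)
{
    char name[NAME_BUF];
    strcpy(name, input);
    return strlen(name);
}

/* Checked: validate first, copy second. Returns 0 and fills dst on
 * success, -1 if the input is rejected. */
int copy_name_checked(const char *input, char *dst, size_t dst_size)
{
    if (input == NULL || dst == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(input, '\0', dst_size);
    if (end == NULL)
        return -1; /* too long: reject rather than truncate */
    size_t len = (size_t)(end - input);
    if (len == 0)
        return -1; /* empty input is not a valid name */
    /* Allowlist: letters, digits, '_' and '-' only. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;
    }
    memcpy(dst, input, len + 1); /* len + 1 <= dst_size, NUL included */
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    const char *samples[] = { "alice_01", "bad name!", "aaaaaaaaaaaaaaaaaaaa" };
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %s\n", samples[i],
               copy_name_checked(samples[i], name, sizeof name) ? "rejected" : "accepted");
    return 0;
}
```

Rejecting over-long input outright, instead of silently truncating it, keeps the stored value identical to what later checks will see.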



©2007 All Rights Reserved.
Last Modified 04.4.07