Improper Input Validation

Improper input validation^[1] or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.^[2] This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."^[1] Examples include:

Buffer overflow
Cross-site scripting
Directory traversal
Null byte injection
SQL injection
Uncontrolled format string

References

↑ ^1.0 ^1.1 "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. http://cwe.mitre.org/data/definitions/20.html. Retrieved February 22, 2011.
↑ Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series (2, illustrated ed.). Safari Books Online. ISBN 978-1-59327-144-2.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Improper input validation. Read more

[:0-1] 1.0 ^1.1 "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. http://cwe.mitre.org/data/definitions/20.html. Retrieved February 22, 2011.

[hacking-2] Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series (2, illustrated ed.). Safari Books Online. ISBN 978-1-59327-144-2.