Improper input validation
From HandWiki - Reading time: 1 min
Improper input validation[1] or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.[2] This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."[1]
Examples
Examples include:
- Buffer overflow
- Cross-site scripting
- Directory traversal
- Null byte injection
- SQL injection
- Uncontrolled format string
See also
- Input validation
- Common Weakness Enumeration – Catalog of software weaknesses and vulnerabilities (CWE)
References
- ↑ 1.0 1.1 "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. http://cwe.mitre.org/data/definitions/20.html. Retrieved February 22, 2011.
- ↑ Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series (2, illustrated ed.). Safari Books Online. ISBN 978-1-59327-144-2.
External links
- "Input Validation". https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html.
- "Improper Data Validation". https://owasp.org/www-community/vulnerabilities/Improper_Data_Validation.
 |  |
Licensed under CC BY-SA 3.0 | Source: https://handwiki.org/wiki/Improper_input_validation45 views | Status: cached on May 16 2026 12:55:55↧ Download this article as ZWI file
EncycloReader
is supported by the 
KSF