OWASP Periodic Table of Vulnerabilities - Improper Input Handling
Improper Input Handling
Root Cause Summary
The root cause of improper input handling is the application trusting, not validating or not correctly validating inputs. All inputs should be considered untrusted as they can come from a variety of mechanisms including human, browsers or devices, transferred in various formats and come in many formats. Accepting untrusted input may leave the application vulnerable to attacks such as Buffer Overflows, SQL Injection, OS Commanding, or Denial of Service.
Browser / Standards Solution
Generic Framework Solution
Provide canonicalization and positive validation APIs for common data types, with configurable rules to reject or sanitize bad data.
Custom Framework Solution
Provide canonicalization and positive validation APIs for custom data types, strictly enforcing business rules, with configurable rules to reject or sanitize bad data.
Custom Code Solution
Never use primitives in custom code.
Discussion / Controversy