Input Validation

From OWASP
Revision as of 21:06, 19 November 2006 by OWASP (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This is a countermeasure. To view all countermeasures, please see the Countermeasure Category page.

Description

Input validation refers to the process of validating all the input to an application before using it. Input validation is absolutely critical to application security, and most application risks involve tainted input at some level.

Many applications do not plan input validation, and leave it up to the individual developers. This is a recipe for disaster, as different developers will certainly all choose a different approach, and many will simply leave it out in the pursuit of more interesting development.

See Data_Validation for more.

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures