Difference between revisions of "Output Validation"

From OWASP
(Description)
(Description)
Line 3: Line 3:
 
==Description==
 
==Description==
  
Output validation refers to the process of validating the output of a process before it is sent to some recepient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it.  You might also validate the output for common attacks, such as [[Cross-site scripting]]] and [[SQL Injection]] before sending it.
+
Output validation refers to the process of validating the output of a process before it is sent to some recepient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it.  You might also validate the output for common attacks, such as [[Cross-site Scripting (XSS)]] and [[SQL Injection]] before sending it.
  
 
NOTE: See [[HTML Entity Encoding]] which is a sort of output validation.
 
NOTE: See [[HTML Entity Encoding]] which is a sort of output validation.
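Review bot: the new revision of the Description sentence still spells "recipient" as "recepient". Since this edit already rewrites that line to point the link at [[Cross-site Scripting (XSS)]] and drop the stray "]]]", correct the spelling in the same change.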

Revision as of 07:53, 18 September 2008

This is a countermeasure. To view all countermeasures, please see the Countermeasure Category page.

Description

Output validation refers to the process of validating the output of a process before it is sent to some recipient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it. You might also validate the output for common attacks, such as Cross-site Scripting (XSS) and SQL Injection, before sending it.

NOTE: See HTML Entity Encoding which is a sort of output validation.

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures