Difference between revisions of "Output Validation"
Revision as of 06:31, 21 September 2008
This is a countermeasure. To view all countermeasures, please see the Countermeasure Category page.
Output validation refers to the process of validating the output of a process before it is sent to some recipient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it. You might also validate the output for common attacks, such as Cross-site Scripting (XSS) and SQL Injection, before sending it.
NOTE: See HTML Entity Encoding, which is a sort of output validation.