Difference between revisions of "Output Validation"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
(Reverting to last version not containing links to www.texttalaro.com)
Line 1: Line 1:
http://www.texttalaro.com
 
 
{{Template:Stub}}
 
{{Template:Stub}}
  

Revision as of 13:27, 27 May 2009

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.



This is a control. To view all controls, please see the Control Category page.

Description

Output validation refers to the process of validating the output of a process before it is sent to some recipient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it. You might also validate the output for common attacks, such as Cross-site Scripting (XSS) and SQL Injection, before sending it.

NOTE: See HTML Entity Encoding, which is a form of output validation.

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures