Difference between revisions of "Output Validation"

From OWASP
Latest revision as of 11:15, 8 February 2010

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

This is a control. To view all controls, please see the Control Category page.

Description

Output validation refers to the process of validating the output of a process before it is sent to some recipient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it. You might also validate the output for common attacks, such as Cross-site Scripting (XSS) and SQL Injection, before sending it.

NOTE: See HTML Entity Encoding, which is a form of output validation.

Examples

Related Threats

Related Attacks

* SQL Injection
* Code Injection
* XPATH Injection
* Interpreter Injection
* Comment Injection Attack
* Argument Injection or Modification
* Cross-site Scripting (XSS)
* Cross Site History Manipulation (XSHM)
* Regular expression Denial of Service - ReDoS
* Cross Site Tracing

Related Vulnerabilities

Related Countermeasures
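An added example for the Description section above (not code from the OWASP page): an output filter that masks credit card numbers found in a response with asterisks and then HTML-entity-encodes the result before it is sent to a browser. The card-number pattern, the Luhn check used to avoid masking ordinary long numbers, and the sample strings are assumptions of this example.

```python
import html
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
# This pattern and the Luhn check are assumptions of the example, not OWASP guidance.
_CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if a digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_card_numbers(text: str) -> str:
    """Replace Luhn-valid card numbers with asterisks, keeping the last four digits."""
    def _mask(m):
        raw = m.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw  # a plain order id or phone number, not a card: leave it
        out, seen = [], 0
        for ch in raw:  # keep separators so the surrounding layout is preserved
            if ch.isdigit():
                seen += 1
                out.append(ch if seen > len(digits) - 4 else "*")
            else:
                out.append(ch)
        return "".join(out)
    return _CARD_RE.sub(_mask, text)


def validate_output(text: str) -> str:
    """Output validation as described above: mask card data, then entity-encode for HTML."""
    return html.escape(mask_card_numbers(text), quote=True)


if __name__ == "__main__":
    # Constructed sample; 4111 1111 1111 1111 is a well-known test card number.
    print(validate_output('Card 4111 1111 1111 1111 charged <img src=x onerror="alert(1)">'))
```

The Luhn check keeps the masking step from destroying legitimate identifiers of similar length, which is the usual failure mode of a naive digit-run filter.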