Difference between revisions of "Output Validation"

From OWASP
 
Line 1: Line 1:
 
{{Template:Countermeasure}}
 
{{Template:Countermeasure}}
 +
 +
Output validation refers to the process of validating the output of a process before it is sent to some recepient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it.  You might also validate the output for common attacks, such as [[XSS]] and [[SQL Injection]] before sending it.
 +
 +
NOTE: See [[HTML Entity Encoding]] which is a sort of output validation.
  
 
{{Template:Stub}}
 
{{Template:Stub}}
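
Review bot: "recepient" in the first added sentence should be "recipient". The last sentence of that paragraph says output can be validated "for common attacks, such as [[XSS]] and [[SQL Injection]]" without saying what is checked for or which recipient each applies to. Suggest one clause per attack naming the recipient, and moving the [[HTML Entity Encoding]] pointer from the NOTE line up next to the XSS mention, since it is the only concrete technique the addition links to.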

Revision as of 11:08, 24 July 2006

This is a countermeasure. To view all countermeasures, please see the Countermeasure Category page.

Output validation refers to the process of validating the output of a process before it is sent to some recipient. For example, if you search your output for credit card numbers and replace them with asterisks (*), you have validated the output before sending it. You might also validate the output for common attacks, such as XSS and SQL Injection, before sending it.

NOTE: See HTML Entity Encoding, which is a sort of output validation.
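
The credit card example and the HTML entity encoding note above, sketched as an output filter. This is an added example, not code from OWASP; the function names, the `keep_last` parameter and the sample string are assumptions made for illustration, and the Luhn checksum is used here only to avoid masking digit runs that are not card numbers.

```python
import html
import re

# Candidate card number: 13-19 digits, optionally separated by a space or hyphen.
CANDIDATE = re.compile(r"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_card_numbers(text: str, keep_last: int = 0) -> str:
    """Replace the digits of Luhn-valid card numbers with asterisks.

    Separators are preserved; keep_last leaves the final N digits readable.
    """
    def repl(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[^0-9]", "", raw)
        if not luhn_ok(digits):
            return raw  # order ids, phone numbers etc. are left untouched
        to_mask = len(digits) - keep_last
        out, seen = [], 0
        for ch in raw:
            if ch.isdigit():
                out.append("*" if seen < to_mask else ch)
                seen += 1
            else:
                out.append(ch)
        return "".join(out)
    return CANDIDATE.sub(repl, text)

def validate_output(text: str) -> str:
    """Mask card numbers, then HTML-entity-encode for an HTML recipient."""
    return html.escape(mask_card_numbers(text))

# Constructed sample output (4111 1111 1111 1111 is a well-known test number).
SAMPLE = "<p>Order 1234567890123 paid with 4111-1111-1111-1111</p>"

if __name__ == "__main__":
    print(validate_output(SAMPLE))
```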

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.