From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security

Input validation

- [Narrator] Any case where users supply input to an application opens that application up to exploitation. User-supplied input may contain code designed to interact with a database, manipulate the browsers of future visitors to the site, or perform any of a number of other attacks. Elsewhere in this series of courses, you've learned about some of those attacks, including SQL injection and cross-site scripting. One of the most important ways that we can protect against input-based attacks is the use of input validation. This technique filters user input, making sure that the input provided by end users does not contain malicious or otherwise unexpected values. There are two different approaches that you can take to input validation, whitelisting and blacklisting. Whitelisting is the most powerful approach to input validation. In this approach, the developer specifies the exact type of input that is allowed from the end…
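An added example, not part of the course material: whitelist (allowlist) validation as described above, where each field declares exactly what it accepts and everything else is rejected. The field names, limits and sample inputs are assumptions constructed for illustration.

```python
import re

# Allowlist rules (field names and limits are assumptions for this example).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")
ALLOWED_PLANS = frozenset({"free", "team", "enterprise"})

def validate_username(raw):
    # fullmatch anchors both ends; match() with "^...$" would accept a trailing newline.
    if not isinstance(raw, str) or USERNAME_RE.fullmatch(raw) is None:
        raise ValueError("username: 3-16 chars of a-z, 0-9, underscore; must start with a letter")
    return raw

def validate_age(raw):
    # [0-9] accepts ASCII digits only; \d would also accept other Unicode digits.
    if not isinstance(raw, str) or re.fullmatch(r"[0-9]{1,3}", raw) is None:
        raise ValueError("age: digits only")
    age = int(raw)
    if not 13 <= age <= 120:
        raise ValueError("age: out of range")
    return age

def validate_plan(raw):
    # Enumerated field: the value must be one of a fixed set.
    if not isinstance(raw, str) or raw not in ALLOWED_PLANS:
        raise ValueError("plan: not an allowed value")
    return raw

VALIDATORS = {"username": validate_username, "age": validate_age, "plan": validate_plan}

def validate_form(form):
    """Return (clean, errors). Fields that are not on the list are errors too."""
    clean, errors = {}, {}
    for name, raw in form.items():
        validator = VALIDATORS.get(name)
        if validator is None:
            errors[name] = "unexpected field"
            continue
        try:
            clean[name] = validator(raw)
        except ValueError as exc:
            errors[name] = str(exc)
    for name in VALIDATORS.keys() - form.keys():
        errors[name] = "missing field"
    return clean, errors

if __name__ == "__main__":
    # Constructed sample submissions: one well-formed, one with unexpected values.
    print(validate_form({"username": "alice_01", "age": "34", "plan": "team"}))
    print(validate_form({"username": "alice\n", "age": "34 ", "plan": "root", "debug": "1"}))
```

The validators never look for known-bad strings; input is rejected simply because it does not match what the field is defined to accept.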
