Validating text input

Data from all potentially untrusted sources should be subject to input validation, including not only Internet-facing web clients but also backend feeds over extranets, from suppliers, partners, vendors or regulators[1], each of which may be compromised on their own and start sending malformed data.

Ensure that any input validation performed on the client is also performed on the server.

SSN, date, currency symbol) while semantic validation should enforce correctness of their values in the specific business context (e.g. start date is before end date, price is within expected range).

It is always recommended to prevent attacks as early as possible in the processing of the user's (attacker's) request.

Input validation can be used to detect unauthorized input before it is processed by the application.
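
A server-side validator that applies the format checks first and the business-context checks second, as an added example that is not part of the original page. The field names, the currency allow-list and the price range are assumptions chosen for illustration.

```python
import re
from datetime import date
from decimal import Decimal

SSN_RE = re.compile(r"[0-9]{3}-[0-9]{2}-[0-9]{4}")   # ASCII digits only
PRICE_RE = re.compile(r"[0-9]{1,7}\.[0-9]{2}")
CURRENCIES = {"$", "€", "£"}                                  # assumed allow-list
PRICE_MIN, PRICE_MAX = Decimal("0.01"), Decimal("10000.00")   # assumed range

def validate(raw):
    """Return (clean, errors); clean is None unless every check passed."""
    errors, clean = [], {}

    def text(field):
        value = raw.get(field)
        return value if isinstance(value, str) else ""

    # Syntactic layer: fullmatch() rejects anything beyond the exact format.
    if SSN_RE.fullmatch(text("ssn")):
        clean["ssn"] = text("ssn")
    else:
        errors.append("ssn: format")
    if text("currency") in CURRENCIES:
        clean["currency"] = text("currency")
    else:
        errors.append("currency: not allowed")
    if PRICE_RE.fullmatch(text("price")):
        clean["price"] = Decimal(text("price"))
    else:
        errors.append("price: format")
    for field in ("start", "end"):
        try:
            clean[field] = date.fromisoformat(text(field))
        except ValueError:
            errors.append(f"{field}: not an ISO date")

    # Semantic layer: only meaningful once every field is well-formed.
    if not errors:
        if clean["start"] >= clean["end"]:
            errors.append("start: must be before end")
        if not PRICE_MIN <= clean["price"] <= PRICE_MAX:
            errors.append("price: out of range")
    return (None, errors) if errors else (clean, [])

# Constructed sample inputs.
GOOD = {"ssn": "123-45-6789", "currency": "$", "price": "19.99",
        "start": "2024-01-01", "end": "2024-02-01"}
SWAPPED = dict(GOOD, start="2024-03-01")        # well-formed, wrong order
TRAILING_NL = dict(GOOD, ssn="123-45-6789\n")   # extra character after SSN
```

`SWAPPED` passes every format check and is rejected only by the semantic layer, while `TRAILING_NL` is rejected by the syntactic layer before any business rule runs.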
