Input validation
Improper validation of input is one of the most common and inherent flaws in web applications.
This weakness in turn leads to many critical vulnerabilities in web applications, such as cross-site scripting, SQL injection, buffer overflows, and so on.
Most times when an application is developed, it blindly accepts all the data coming to it. From a security perspective, however, this is a harmful practice, because without proper validation malicious data can get in as well.
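As an added example (not part of the original page), the following sketch shows a server-side check that accepts only what each field is allowed to contain and rejects everything else instead of trying to repair it. The form fields, their limits, and the names `validate_signup` and `ValidationError` are assumptions made for the illustration.

```python
import re
import unicodedata

# Hypothetical rules for a sign-up form (field names and limits are assumptions).
FIELDS = ("username", "email", "age")
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,24}")

class ValidationError(ValueError):
    """Raised when a field fails server-side validation."""

def validate_signup(form):
    """Return typed, validated values or raise ValidationError.

    Every field is matched against what is allowed (an allowlist), not
    against a list of known-bad characters, and bad input is rejected.
    """
    unexpected = set(form) - set(FIELDS)
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    clean = {}
    for name in FIELDS:
        value = form.get(name)
        if not isinstance(value, str):
            raise ValidationError(f"{name}: missing or not a string")
        # Canonicalise first so look-alike characters are judged in one form.
        clean[name] = unicodedata.normalize("NFKC", value).strip()
    if not USERNAME_RE.fullmatch(clean["username"]):
        raise ValidationError("username: letters, digits, underscore, 3-20 chars")
    if not EMAIL_RE.fullmatch(clean["email"]):
        raise ValidationError("email: not a plausible address")
    if not re.fullmatch(r"[0-9]{1,3}", clean["age"]):
        raise ValidationError("age: ASCII digits only")
    age = int(clean["age"])
    if not 13 <= age <= 120:
        raise ValidationError("age: out of range")
    clean["age"] = age
    return clean

if __name__ == "__main__":
    # Constructed sample submissions, not taken from the page.
    samples = [
        {"username": "alice_01", "email": "alice@example.com", "age": "34"},
        {"username": "bob<script>", "email": "bob@example.com", "age": "34"},
    ]
    for sample in samples:
        try:
            print("accepted:", validate_signup(sample))
        except ValidationError as err:
            print("rejected:", err)
```

The validated values still need context-specific handling where they are used, such as parameterised queries and output encoding.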
OWASP mapping
Input-validation-related vulnerabilities are part of the OWASP Top 10 2017. They are covered under A1:2017-Injection, A4:2017-XML External Entities (XXE), A7:2017-Cross-Site Scripting (XSS), and A8:2017-Insecure Deserialization. Some of the vulnerabilities listed under this category are as follows:
- Application not validating input on both the client side and the server side.
- Application allowing harmful blacklisted characters (<>;'"!()).
- Application vulnerable to injection...