Revision as of 14:26, 5 March 2011 edit Lambiam (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers 65,081 edits avoid confusion (see talk) ← Previous edit		Revision as of 22:49, 5 March 2011 edit undo Lambiam (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers 65,081 edits name the vulnerability, not the attack Next edit →
Line 1: '''Improper input validation'''<ref>{{cite web \|work=[[Common Weakness Enumeration]] \|publisher=[[MITRE]] \|title=CWE-20: Improper Input Validation \|url=http://cwe.mitre.org/data/definitions/20.html \|date=December 13, 2010 \|accessdate=February 22, 2011}}</ref> or '''unchecked user input''' is a type of [[vulnerability (computing)\|vulnerability]] in [[computer software]] that may be used for [[security exploit]]s.<ref name=hacking>{{cite book\|title=Hacking: the art of exploitation\|series=No Starch Press Series\|publisher=Safari Books Online\|first=Jon\|last=Erickson\|Edition=2, illustrated\|year=2008\|ISBN= 9781593271442}}</ref> Examples include: * [[Format string attack]] * [[Buffer overflow]] * [[Cross-site scripting]] * [[Directory traversal]] * [[Null byte injection]]~~<ref>~~▼ * [[SQL injection]] * [[Uncontrolled format string]] ▲* [[Null byte injection]]<ref> ~~{{cite web~~ ~~\| url = http://www.emagined.com/securityfocus-advisory/22831/mod-security-asciiz-byte-post-bypass-vulnerability~~ ~~\| title = Network security advisories article: Mod_Security ASCIIZ byte POST bypass Vulnerability~~ ~~\| date = July 15, 2008~~ ~~\| publisher = Emagined Security~~ ~~\| accessdate = February 22, 2011~~ }} ~~</ref>~~ == References ==

Improper input validation: Difference between revisions