From the course: OWASP Top 10: #3 Injection and #4 Insecure Design

Prevention technique #2: Input validation

- [Instructor] Input validation is exactly what it sounds like. Web applications take input from users, and that input needs to be validated to make sure that it's safe and not dangerous. This is kind of like when my kids go trick-or-treating on Halloween and they get candy from the neighborhood homes that we visit. In this analogy, the treats are the user-supplied input. As a responsible parent, I won't allow my kids to eat the candy before I inspect it and decide that it's safe for them to consume. In a sense, I am performing input validation before they are allowed to eat their Halloween treats. There are two different ways to perform input validation. One way is to define what is allowed; the other way is to define what is not allowed. A web application will validate user input by evaluating one or more attributes and determining if it matches what is expected by the application. These attributes might include data type,…
