Improper input validation[1] or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.[2] This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."[1]
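
As an added illustration (not part of the article or of CWE), the following Python snippet parses a constructed length-prefixed command record; the unchecked parser lets the length field flow straight into data handling and the command byte straight into control flow, while the validating parser checks both against the record's real size and an allow-list of commands:

```python
"""Constructed example: a record is one command byte, a big-endian 16-bit
payload length, then the payload. Both parsers and the wire format are
hypothetical and exist only to illustrate CWE-20."""
import struct

MAX_PAYLOAD = 1024                       # assumed application limit
ALLOWED_COMMANDS = {1: "ping", 2: "echo"}  # assumed command allow-list


class ValidationError(ValueError):
    """Raised when a record fails validation."""


def parse_record_unchecked(buf: bytes):
    """Weak form: trusts the header without checking it against reality.
    A declared length larger than the data is silently accepted (the
    slice just comes back short) and any command byte is passed on."""
    cmd = buf[0]
    (length,) = struct.unpack(">H", buf[1:3])
    return cmd, buf[3:3 + length]


def parse_record(buf: bytes):
    """Validated form: every field that influences control or data flow is
    checked before use, and malformed records are rejected outright."""
    if len(buf) < 3:
        raise ValidationError("record too short to hold a header")
    cmd = buf[0]
    if cmd not in ALLOWED_COMMANDS:          # control-flow input
        raise ValidationError(f"unknown command byte {cmd}")
    (length,) = struct.unpack(">H", buf[1:3])  # data-flow input
    if length > MAX_PAYLOAD:
        raise ValidationError(f"declared length {length} exceeds limit")
    if len(buf) != 3 + length:
        raise ValidationError("declared length does not match record size")
    return ALLOWED_COMMANDS[cmd], buf[3:]


def is_valid(buf: bytes) -> bool:
    """Convenience check: True only if the validated parser accepts buf."""
    try:
        parse_record(buf)
        return True
    except ValidationError:
        return False
```

Feeding a record whose declared length exceeds its actual size to `parse_record_unchecked` returns a silently truncated payload, whereas `parse_record` rejects it.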

Examples


Examples include:

See also

  • Input validation – Process of ensuring computer data is both correct and useful
  • Common Weakness Enumeration – Catalog of software weaknesses and vulnerabilities (CWE)

References

  1. ^ a b "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. Retrieved February 22, 2011.
  2. ^ Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series (2, illustrated ed.). Safari Books Online. ISBN 978-1-59327-144-2.