Improper input validation[1] or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.[2] This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."[1]
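To make the CWE-20 definition concrete, here is an added example (not part of the article): a parser for a constructed two-field record format, `<type byte><length byte><payload>`, where the type field selects control flow and the length field drives data flow. The first version trusts both fields; the second validates each one against an explicit contract before use.

```python
from typing import Optional, Tuple

# Constructed record format for this example: 1-byte type, 1-byte payload
# length, then the payload. Type selects the handler (control flow); length
# determines how many bytes are copied (data flow).
HANDLERS = {0x01: "echo", 0x02: "store"}   # hypothetical handler table
MAX_PAYLOAD = 64                            # assumed protocol limit

def parse_unchecked(msg: bytes) -> Tuple[str, bytes]:
    """Vulnerable (CWE-20): uses type and length without validation.

    - fewer than 2 bytes         -> IndexError (unhandled crash)
    - unknown type byte          -> KeyError (attacker steers dispatch)
    - length > available bytes  -> payload silently truncated, so the
      caller acts on data that does not match the declared length
    """
    rtype, length = msg[0], msg[1]
    return HANDLERS[rtype], msg[2:2 + length]

def parse_validated(msg: bytes) -> Optional[Tuple[str, bytes]]:
    """Hardened: every field that influences control or data flow is
    checked before it is used; anything off-contract is rejected whole."""
    if len(msg) < 2:                      # header must be present
        return None
    rtype, length = msg[0], msg[1]
    if rtype not in HANDLERS:             # control-flow input: whitelist
        return None
    if length > MAX_PAYLOAD:              # data-flow input: bounded
        return None
    if len(msg) != 2 + length:            # declared length must match reality
        return None
    return HANDLERS[rtype], msg[2:]

if __name__ == "__main__":
    good = b"\x01\x03abc"          # constructed well-formed record
    oversized = b"\x01\x10abc"     # claims 16 bytes, carries 3
    print(parse_unchecked(oversized))   # ('echo', b'abc'): truncation goes unnoticed
    print(parse_validated(oversized))   # None: rejected
    print(parse_validated(good))        # ('echo', b'abc')
```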

Examples

Examples include:

See also

  • Input validation – Process of ensuring computer data is both correct and useful
  • Common Weakness Enumeration – Catalog of software weaknesses and vulnerabilities (CWE)

References

  1. "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. Retrieved February 22, 2011.
  2. Erickson, Jon (2008). Hacking: The Art of Exploitation (2nd, illustrated ed.). No Starch Press. Safari Books Online. ISBN 978-1-59327-144-2.