Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Application Architecture and Design Considerations

Input Validation

Check

Description

All entry points and trust boundaries are identified by the design.

Input validation is applied whenever input is received from outside the current trust boundary.

The design assumes that user input is malicious.

Centralized input validation is used where appropriate.

The input validation strategy that the application adopted is modular and consistent.

The validation approach is to constrain, reject, and then sanitize input. (Looking for known, valid, and safe input is much easier than looking for known malicious or dangerous input.)

Data is validated for type, length, format, and range.

The design addresses potential canonicalization issues.

Input file names and ...
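
The checks above (canonicalize; constrain, reject, then sanitize; validate type, length, format, and range) sketched as one centralized validator. This is an added example, not code from the book; the field names, limits, and the use of HTML escaping as the sanitizing step are assumptions.

```python
import html
import re
import unicodedata

class ValidationError(ValueError):
    """Input failed a constrain or reject check."""

# Allow-lists describe known-good input (hypothetical fields and limits).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")   # format and length
QUANTITY_RE = re.compile(r"[0-9]{1,3}")           # type and length
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def canonicalize(raw):
    # Reduce to one canonical form before matching, so look-alike encodings
    # (e.g. full-width letters) cannot slip past the patterns.
    if not isinstance(raw, str):
        raise ValidationError("expected text")
    return unicodedata.normalize("NFKC", raw).strip()

def validate_username(raw):
    value = canonicalize(raw)
    if not USERNAME_RE.fullmatch(value):           # constrain
        raise ValidationError("username: bad format or length")
    return value

def validate_quantity(raw, low=1, high=100):
    value = canonicalize(raw)
    if not QUANTITY_RE.fullmatch(value):
        raise ValidationError("quantity: not a whole number")
    number = int(value)
    if not low <= number <= high:                  # range
        raise ValidationError("quantity: out of range")
    return number

def validate_comment(raw, max_len=200):
    value = canonicalize(raw)
    if len(value) > max_len:                       # constrain length
        raise ValidationError("comment: too long")
    if CONTROL_RE.search(value):                   # reject
        raise ValidationError("comment: control characters")
    return html.escape(value)                      # sanitize (HTML output assumed)

VALIDATORS = {"username": validate_username, "quantity": validate_quantity,
              "comment": validate_comment}

def validate_form(form):
    """Single entry point, called wherever data crosses the trust boundary."""
    if set(form) != set(VALIDATORS):
        raise ValidationError("unexpected or missing fields")
    return {name: check(form[name]) for name, check in VALIDATORS.items()}
```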
