Browse Definitions :
Definition

input validation attack

An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field. Input validation attacks take place when an attacker purposefully enters information into a system or application with the intentions to break the system's functionality.

Sometimes a web application can cause a malicious attack or input validation attack all while running in the background. However in most cases, it is an individual putting the data into the system and corrupting its performance.

When information is input by an application or user as part of a user input attack it can make a computer vulnerable to unauthorized changes and destructive commands. The type of unsafe data entered into a system can range from simple words to malicious code to massive scale information attacks. The best form of defense against these attacks is to test for input validation prior to deploying an application.

Types of input validation attacks

A few common types of input validation attacks include:

  • Buffer overflow- This is a type of attack that sends too much information for a system to process, causing a computer or network to stop responding. A buffer overflow might also cause excess information to take up memory that was not intended for it, sometimes even overwriting memory.
  • Canonicalization attacks- A canonicalization attack takes place when someone changes a file directory path that has digital permissions to access parts of a computer in order to allow access to malicious parties that use this unauthorized entry to steal sensitive information or make unapproved changes.
  • XSS attacks- Also called cross-site scripting, these attacks involve placing a malicious link in an innocuous place, like a forum, which contains most of a valid URL with a dangerous script embedded. An unsuspecting visitor might trust the site they are on and not worry that a comment or entry on the site contains a virus.
  • SQL injection attacks- SQL injection attacks involve taking a public URL and adding SQL code to the end to try to gain access to sensitive information. An attacker might enter code into a field commanding a computer to do something like copy all of the contents of a database to the hacker, authenticate malicious information, reveal hidden entries in a database or delete information without consent.
This was last updated in June 2019

Continue Reading About input validation attack

SearchCompliance

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • PKI (public key infrastructure)

    PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange ...

  • obfuscation

    Obfuscation means to make something difficult to understand.

  • dumpster diving

    Dumpster diving is looking for treasure in someone else's trash.

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close