Browse Definitions :
Definition

input validation attack

Contributor(s): Laura Fitzgibbons

An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field. Input validation attacks take place when an attacker purposefully enters information into a system or application with the intentions to break the system's functionality.

Sometimes a web application can cause a malicious attack or input validation attack all while running in the background. However in most cases, it is an individual putting the data into the system and corrupting its performance.

When information is input by an application or user as part of a user input attack it can make a computer vulnerable to unauthorized changes and destructive commands. The type of unsafe data entered into a system can range from simple words to malicious code to massive scale information attacks. The best form of defense against these attacks is to test for input validation prior to deploying an application.

Types of input validation attacks

A few common types of input validation attacks include:

  • Buffer overflow- This is a type of attack that sends too much information for a system to process, causing a computer or network to stop responding. A buffer overflow might also cause excess information to take up memory that was not intended for it, sometimes even overwriting memory.
  • Canonicalization attacks- A canonicalization attack takes place when someone changes a file directory path that has digital permissions to access parts of a computer in order to allow access to malicious parties that use this unauthorized entry to steal sensitive information or make unapproved changes.
  • XSS attacks- Also called cross-site scripting, these attacks involve placing a malicious link in an innocuous place, like a forum, which contains most of a valid URL with a dangerous script embedded. An unsuspecting visitor might trust the site they are on and not worry that a comment or entry on the site contains a virus.
  • SQL injection attacks- SQL injection attacks involve taking a public URL and adding SQL code to the end to try to gain access to sensitive information. An attacker might enter code into a field commanding a computer to do something like copy all of the contents of a database to the hacker, authenticate malicious information, reveal hidden entries in a database or delete information without consent.
This was last updated in June 2019

Continue Reading About input validation attack

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What have you found are some best practices to avoid being susceptible to input validation hacks?
Cancel

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close