Browse Definitions :
Definition

input validation attack

An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field. Input validation attacks take place when an attacker purposefully enters information into a system or application with the intentions to break the system's functionality.

Sometimes a web application can cause a malicious attack or input validation attack all while running in the background. However in most cases, it is an individual putting the data into the system and corrupting its performance.

When information is input by an application or user as part of a user input attack it can make a computer vulnerable to unauthorized changes and destructive commands. The type of unsafe data entered into a system can range from simple words to malicious code to massive scale information attacks. The best form of defense against these attacks is to test for input validation prior to deploying an application.

Types of input validation attacks

A few common types of input validation attacks include:

  • Buffer overflow- This is a type of attack that sends too much information for a system to process, causing a computer or network to stop responding. A buffer overflow might also cause excess information to take up memory that was not intended for it, sometimes even overwriting memory.
  • Canonicalization attacks- A canonicalization attack takes place when someone changes a file directory path that has digital permissions to access parts of a computer in order to allow access to malicious parties that use this unauthorized entry to steal sensitive information or make unapproved changes.
  • XSS attacks- Also called cross-site scripting, these attacks involve placing a malicious link in an innocuous place, like a forum, which contains most of a valid URL with a dangerous script embedded. An unsuspecting visitor might trust the site they are on and not worry that a comment or entry on the site contains a virus.
  • SQL injection attacks- SQL injection attacks involve taking a public URL and adding SQL code to the end to try to gain access to sensitive information. An attacker might enter code into a field commanding a computer to do something like copy all of the contents of a database to the hacker, authenticate malicious information, reveal hidden entries in a database or delete information without consent.
This was last updated in June 2019

Continue Reading About input validation attack

SearchCompliance
  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • risk profile

    A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces.

  • risk appetite

    Risk appetite is the amount of risk an organization is willing to take in pursuit of objectives it deems have value.

SearchSecurity
SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
  • cloud archive

    A cloud archive is storage as a service for long-term data retention.

  • cache

    A cache -- pronounced CASH -- is hardware or software that is used to store something, usually data, temporarily in a computing ...

  • archive

    An archive is a collection of data moved to a repository for long-term retention, to keep separate for compliance reasons or for ...

Close