Input Validation

Using black and/or white lists which defines valid input data. Such approach is more accurate and provides better risk analysis, when there is need of modification of the lists.

E.g. When we expect digits as an input, then we should perform accurate input data validation.


 * 1) include 
 * 2) include 
 * 3) include 

int main(int argc, char **argv) {      char a[256]; strncpy(a, argv[1], sizeof(a)-1);

int b=0;

for(b=0; b

For special attention deserves modifier "/D", which additionally protects against HTTP Response Splitting type of attacks.

Avoid using of environment variables if the attacker may alter their values.

Check Category:Input Validation for contents