Improper input validation or unchecked user input is a type of vulnerability in computer software that may be used for security exploits. This vulnerability is caused when "he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."
Examples include:
- Buffer overflow
- Cross-site scripting
- Directory traversal
- Null byte injection
- SQL injection
- Uncontrolled format string
References
- ^ "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. Retrieved February 22, 2011.
- Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series (2, illustrated ed.). Safari Books Online. ISBN 978-1-59327-144-2.
 | This security software article is a stub. You can help Misplaced Pages by expanding it. |