Skip to main content

Discard unsafe inputs

Summary

The system must discard all potentially harmful information received via data inputs.

Description

Technological devices and, in particular, applications must be able to notice if the received information does not correspond to its operational purposes, in order to treat it properly (for example, rejecting and/or generating timely alerts) and ensure that it does not impact the operation negatively. Typical examples of this are: SQL queries, JavaScript code, OS commands or LDAP queries in fields and application parameters; text with undesired special characters and their possible combinations in fields and parameters; files manipulated in structure and extension to be loaded in an application or technology artifact; and in general any type of information that does not correspond to the requested format. A large amount of the incoming traffic (which does not correspond to operational purposes) of a technological artifact must also be considered, and controls and proper treatment must be applied.

Supported In

This requirement is verified in following services

PlanSupported
Essential🟢
Advanced🟢

References

Vulnerabilities

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.