
Discard unsafe inputs

Summary

The system must discard all potentially harmful information received via data inputs.

Description

Technological devices and, in particular, applications must be able to detect when received information does not correspond to their operational purpose, so that they can treat it properly (for example, by rejecting it and/or generating timely alerts) and ensure it does not affect operation negatively. Typical examples are: SQL queries, JavaScript code, OS commands or LDAP queries placed in application fields and parameters; text containing undesired special characters, and their possible combinations, in fields and parameters; files whose structure and extension have been manipulated before being uploaded to an application or technology artifact; and, in general, any information that does not correspond to the requested format. A large share of the incoming traffic to a technological artifact does not correspond to its operational purposes; this traffic must also be considered, and controls and proper treatment must be applied to it.
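As an added example, not part of the original page, the following Python validator applies the approach described above: fields are accepted only when they match an allowlisted format, uploaded files are checked against the magic bytes of their declared extension, and anything else is discarded with an alert rather than "cleaned". The field names, formats and file signatures are assumptions chosen for illustration.

```python
import re
import logging
from dataclasses import dataclass

logging.basicConfig(level=logging.WARNING)
log = logging.getLogger("input-validation")

# Allowlist: a field is accepted only if it matches the format the application expects.
# (Assumed field names and formats, for illustration.)
FIELD_FORMATS = {
    "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
    "zip_code": re.compile(r"[0-9]{5}"),
}

# Declared file extension -> magic bytes the content must begin with.
# (Assumed set of permitted upload types.)
UPLOAD_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}


@dataclass
class Decision:
    accepted: bool
    reason: str


def _reject(subject: str, reason: str) -> Decision:
    # Discard the input and raise a timely alert; no attempt is made to repair it.
    log.warning("discarded input %r: %s", subject, reason)
    return Decision(False, reason)


def validate_field(name: str, value: str) -> Decision:
    pattern = FIELD_FORMATS.get(name)
    if pattern is None:
        return _reject(name, "unknown field")
    if not pattern.fullmatch(value):  # fullmatch: the whole value must conform
        return _reject(name, "does not match expected format")
    return Decision(True, "ok")


def validate_upload(filename: str, content: bytes) -> Decision:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    signature = UPLOAD_SIGNATURES.get(ext)
    if signature is None:
        return _reject(filename, "extension not allowed")
    if not content.startswith(signature):
        return _reject(filename, "content does not match declared extension")
    return Decision(True, "ok")
```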

Supported In

This requirement is verified in the following services:

Plan      Supported
Machine   🟢
Squad     🟢

References

Vulnerabilities
