- Data validation techniques include various methods used in preventing attackers from taking advantage of the vulnerabilities arising due to invalid inputs
- Canonicalizing the input, or encoding it into a form that the system can easily interpret, is always safe
The character sets that most often cause trouble are:
- Characters that have special meaning
- Normal control characters (Values less than 32)
- Characters with values higher than 127
- Metacharacters
Data Validation Techniques (Cont’d)
Data validation techniques include some of the basic general strategies such as:
- Encode Known Bad
  – Encode the known bad entries within the code
- Reject Known Bad
  – Do not let known bad entries be entered into the system
- Accepting Exact Match
  – Accept only values from a finite list of known values
- Known Good
  – If a finite list is not available, then use the known good approach
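
The four strategies and the troublesome character classes listed above, sketched in Python as an added example (not part of the original material). The metacharacter set, the username pattern and the role list are assumptions chosen for illustration, and each check runs on the canonicalized (NFKC) form of the input.

```python
import html
import re
import unicodedata

# Assumed for this example: the metacharacter set and the field rules below.
METACHARACTERS = set("<>&\"'`;|$\\%")
KNOWN_GOOD_USERNAME = re.compile(r"[A-Za-z0-9_]{1,32}")
ALLOWED_ROLES = frozenset({"viewer", "editor", "admin"})

def canonicalize(value: str) -> str:
    """Reduce equivalent encodings to one form before any check runs."""
    return unicodedata.normalize("NFKC", value)

def classify(value: str) -> list[tuple[str, str]]:
    """Return (character, class) for each troublesome character found."""
    found = []
    for ch in value:
        if ord(ch) < 32:
            found.append((ch, "control"))
        elif ord(ch) > 127:
            found.append((ch, "high"))
        elif ch in METACHARACTERS:
            found.append((ch, "metacharacter"))
    return found

def encode_known_bad(value: str) -> str:
    """Encode Known Bad: neutralise HTML metacharacters for output."""
    return html.escape(canonicalize(value), quote=True)

def reject_known_bad(value: str) -> bool:
    """Reject Known Bad: refuse input containing any listed character class."""
    return not classify(canonicalize(value))

def accept_exact_match(value: str) -> bool:
    """Accepting Exact Match: value must be one of a finite list."""
    return canonicalize(value) in ALLOWED_ROLES

def accept_known_good(value: str) -> bool:
    """Known Good: no finite list, so match a strict pattern in full."""
    return KNOWN_GOOD_USERNAME.fullmatch(canonicalize(value)) is not None

if __name__ == "__main__":
    sample = "\uff1cb\uff1eadmin\x00"  # constructed input: fullwidth < and >, NUL
    print(classify(sample), classify(canonicalize(sample)))
    print(encode_known_bad(sample), reject_known_bad(sample))
    print(accept_exact_match("admin"), accept_known_good("alice_01"))
```

Classifying the constructed sample before and after canonicalization shows why the order matters: the fullwidth brackets only register as metacharacters once they have been reduced to `<` and `>`.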