• Humans intentionally or unintentionally give invalid inputs that can pose computer security risks to applications and organizations
  • A web application surely needs to check various mandatory application fields for correct expected format else it results in altered control flow, arbitrary control of a resource, or arbitrary code execution
  • Java action forms provide input data validation in the source code, providing error message in case of invalid data input

💖Impact of Invalid Data Input

  • Input data validation is most important for any software application because of the dangers posed by tainted input at various levels of its execution
  • An application that does not validate the input data is prone to risks that are critical to application security

Risks of Improper Data Validation

  • Availability (Technical Impact)
    – A system can be DOS attacked, crashed, exited, restarted or resources like CPU, memory are consumed
  • Confidentiality
    – Attackers can steal, read or change the data such as memory, files and directories
  • Integrity
    – Hackers can illegitimately modify the control flow, execute arbitrary commands, and modify the data and memory
    public static final double COST = 5.00;
public void inqty(){
  int quantity = currentUser.getAttribute("quantity");
  double sum = price * quantity;
  chargeUser(sum);

[(“quantity");] —-> In this code, an e-commerce application price of a particular article is constant, where as the quantity is not; a hacker can even insert negative values for the quantity resulting in crediting his account instead of debiting on buying the good

Impact of Invalid Data Input (Cont’d)