  • Use strong input validation mechanisms for user data inputs
  • Implement strict application security routines and updates
  • Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
  • Use strictly configured firewalls to block and identify parameters that are defined in a web page

Insecure Code

  • An attacker can manipulate the file name or delete a desired file
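
The length, character, pattern and numeric-range standards listed above, applied to a file name parameter of the kind the last bullet describes. This is an added example, not code from the original page; the storage root, extension allowlist, length bounds and page range are assumed values chosen for illustration.

```python
import re
from pathlib import Path

# Assumed policy values for illustration; the page does not specify any.
BASE_DIR = Path("/srv/app/uploads")        # hypothetical storage root
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}\.(?:txt|pdf|png)")
MIN_LEN, MAX_LEN = 5, 64                   # allowed length of the file name
PAGE_RANGE = range(1, 501)                 # allowed numeric range: 1..500


class ValidationError(ValueError):
    """Raised when a request parameter violates the input policy."""


def validate_filename(raw: str) -> Path:
    """Apply length, character and pattern rules, then confine to BASE_DIR."""
    if not isinstance(raw, str) or not MIN_LEN <= len(raw) <= MAX_LEN:
        raise ValidationError("length out of bounds")
    # fullmatch: the whole value must fit the allowlist, so separators,
    # "..", NUL bytes and trailing newlines are all rejected here.
    if NAME_RE.fullmatch(raw) is None:
        raise ValidationError("disallowed characters or pattern")
    target = (BASE_DIR / raw).resolve()
    # Defence in depth: the resolved path must still sit under BASE_DIR.
    if BASE_DIR.resolve() not in target.parents:
        raise ValidationError("path escapes base directory")
    return target


def validate_page(raw: str) -> int:
    """Accept only 1-3 ASCII digits whose value lies within PAGE_RANGE."""
    if re.fullmatch(r"[0-9]{1,3}", raw) is None:
        raise ValidationError("not a plain decimal number")
    value = int(raw)
    if value not in PAGE_RANGE:
        raise ValidationError("numeric value out of range")
    return value


def is_accepted(validator, raw) -> bool:
    try:
        validator(raw)
        return True
    except ValidationError:
        return False

# Constructed sample inputs, not taken from the page.
SAMPLES = ["report_2024.pdf", "../../etc/passwd", "notes.txt\n", "x" * 80 + ".txt"]
RESULTS = {s: is_accepted(validate_filename, s) for s in SAMPLES}
```

Validation is done with an allowlist and a whole-string match, so anything not explicitly permitted is refused rather than sanitized.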