Browse Definitions :
Definition

input validation attack

An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field. Input validation attacks take place when an attacker purposefully enters information into a system or application with the intentions to break the system's functionality.

Sometimes a web application can cause a malicious attack or input validation attack all while running in the background. However in most cases, it is an individual putting the data into the system and corrupting its performance.

When information is input by an application or user as part of a user input attack it can make a computer vulnerable to unauthorized changes and destructive commands. The type of unsafe data entered into a system can range from simple words to malicious code to massive scale information attacks. The best form of defense against these attacks is to test for input validation prior to deploying an application.

Types of input validation attacks

A few common types of input validation attacks include:

  • Buffer overflow- This is a type of attack that sends too much information for a system to process, causing a computer or network to stop responding. A buffer overflow might also cause excess information to take up memory that was not intended for it, sometimes even overwriting memory.
  • Canonicalization attacks- A canonicalization attack takes place when someone changes a file directory path that has digital permissions to access parts of a computer in order to allow access to malicious parties that use this unauthorized entry to steal sensitive information or make unapproved changes.
  • XSS attacks- Also called cross-site scripting, these attacks involve placing a malicious link in an innocuous place, like a forum, which contains most of a valid URL with a dangerous script embedded. An unsuspecting visitor might trust the site they are on and not worry that a comment or entry on the site contains a virus.
  • SQL injection attacks- SQL injection attacks involve taking a public URL and adding SQL code to the end to try to gain access to sensitive information. An attacker might enter code into a field commanding a computer to do something like copy all of the contents of a database to the hacker, authenticate malicious information, reveal hidden entries in a database or delete information without consent.
This was last updated in June 2019

Continue Reading About input validation attack

SearchNetworking
SearchSecurity
  • man in the browser (MitB)

    Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is ...

  • Patch Tuesday

    Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system ...

  • parameter tampering

    Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's ...

SearchCIO
  • e-business (electronic business)

    E-business (electronic business) is the conduct of business processes on the internet.

  • business resilience

    Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business ...

  • chief procurement officer (CPO)

    The chief procurement officer, or CPO, leads an organization's procurement department and oversees the acquisitions of goods and ...

SearchHRSoftware
SearchCustomerExperience
  • clickstream data (clickstream analytics)

    Clickstream data and clickstream analytics are the processes involved in collecting, analyzing and reporting aggregate data about...

  • neuromarketing

    Neuromarketing is the study of how people's brains respond to advertising and other brand-related messages by scientifically ...

  • contextual marketing

    Contextual marketing is an online marketing strategy model in which people are served with targeted advertising based on their ...

Close