Input validation is used to check potentially dangerous inputs, but when software does not validate its input properly, an attacker can craft input in a form that the rest of the application does not expect. This course introduces ways to identify and mitigate this security weakness, listed as CWE-20 in the 2020 CWE Top 25.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills to:
- Use language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build "recognizers" for that language
- Use an input validation framework such as Struts or the OWASP ESAPI Validation API
- Apply an "accept known good" input validation strategy
- When an application combines data from multiple sources, perform validation after the sources have been combined
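The following Python is an added example, not part of the course material, illustrating the last two objectives: an "accept known good" recognizer in the LangSec sense, and why the recognizer must run over the combined value rather than over each source on its own. The folder/filename fields and the sample inputs are constructed for illustration.

```python
"""CWE-20 worked example: an "accept known good" recognizer, applied to the
value the application actually uses (the combined string), not to each
source separately. Added example; field names and inputs are constructed."""
import re
from typing import Optional

# LangSec-style recognizer: the full language of acceptable relative paths is
# written down first (1-4 segments from a fixed alphabet, joined by "/"), and
# anything the grammar does not match is rejected. A segment cannot start
# with ".", so "." and ".." segments are outside the language.
_SEGMENT = r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}"
RELATIVE_PATH = re.compile(rf"{_SEGMENT}(?:/{_SEGMENT}){{0,3}}")


def accept_known_good(value: str) -> bool:
    """True only if `value` is matched in its entirety by the grammar."""
    return RELATIVE_PATH.fullmatch(value) is not None


def join_validating_parts(folder: str, filename: str) -> Optional[str]:
    """Weak pattern: each source is screened on its own with a reject-known-bad
    check, then the parts are concatenated (folder is expected to carry its
    trailing "/"). Neither part contains "..", yet the combined string can."""
    for part in (folder, filename):
        if ".." in part:
            return None
    return folder + filename  # combination happens after the check


def join_validating_combined(folder: str, filename: str) -> Optional[str]:
    """Recommended pattern: combine first, then run the allow-list recognizer
    over the complete value that the rest of the application will consume."""
    combined = folder + filename
    return combined if accept_known_good(combined) else None


if __name__ == "__main__":
    # Constructed inputs: each part passes the ".." screen on its own.
    print(join_validating_parts(".", "./reports"))        # ../reports slips through
    print(join_validating_combined(".", "./reports"))     # None: rejected
    print(join_validating_combined("reports/", "q1.csv"))  # reports/q1.csv
```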