Top 25 Most Dangerous Programming Mistakes

Security Briefs

From Coding Horror, originally from CWE/SANS, this is a list that every developer should review from time to time.

If you work on software in any capacity, at least skim this list. I encourage you to click through for greater detail on anything you're not familiar with, or that piques your interest.

  1. Improper Input Validation
    Ensure that your input is valid. If you're expecting a number, it shouldn't contain letters. Nor should the price of a new car be allowed to be a dollar. Incorrect input validation can lead to vulnerabilities when attackers can modify their inputs in unexpected ways. Many of today's most common vulnerabilities can be eliminated, or at least reduced, with strict input validation.
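
    As an added illustration (not part of the original list or post), the sketch below applies both checks described above to a price field: a strict allow-list for the format, then a business-range check. The function names and the price bounds are assumptions chosen for the example.

```python
import re
from decimal import Decimal

# Allow-list format: 1-7 ASCII digits, optional two-digit cents. The explicit
# [0-9] class (instead of \d) keeps non-ASCII digits such as fullwidth "２" out.
_PRICE_RE = re.compile(r"[0-9]{1,7}(?:\.[0-9]{2})?")

# Hypothetical business bounds for a new car, in dollars (constructed values).
MIN_NEW_CAR_PRICE = Decimal("5000")
MAX_NEW_CAR_PRICE = Decimal("500000")


class ValidationError(ValueError):
    """Raised when a submitted price fails validation."""


def parse_new_car_price(raw):
    """Return the price as a Decimal, or raise ValidationError."""
    if not isinstance(raw, str):
        raise ValidationError("price must be a string field")
    # Syntactic check. fullmatch() rejects letters, signs, exponents ("2e4"),
    # "nan"/"inf", surrounding whitespace and a trailing newline, all of which
    # float() or a regex anchored with "$" would let through.
    if _PRICE_RE.fullmatch(raw) is None:
        raise ValidationError("price is not a plain decimal number")
    price = Decimal(raw)
    # Semantic check: a well-formed number can still be implausible ("1.00").
    if not (MIN_NEW_CAR_PRICE <= price <= MAX_NEW_CAR_PRICE):
        raise ValidationError("price is outside the allowed range")
    return price


def is_valid_new_car_price(raw):
    """Boolean wrapper around parse_new_car_price()."""
    try:
        parse_new_car_price(raw)
    except ValidationError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: one valid value, then inputs that are
    # malformed or well-formed but out of range.
    samples = ["23999.00", "1.00", "2e4", "nan", " 23999", "23999\n",
               "２３９９９", "-23999", "23,999", "23999abc", "500000.01"]
    for s in samples:
        print(repr(s), "->", is_valid_new_car_price(s))
```

    Only the first sample is accepted; every other value is rejected by either the format check or the range check.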

 

...

Read the whole list.


Posted Feb 05 2009, 06:50 AM by keith-brown