Input Threats & Validation

Question 1

What is a primary attack method

Answer 1

Inputting data - trust nothing that is inputted, data may be unknown, untrusted, insecure or malicious

Question 2

What are injection attacks

Answer 2

Putting data into a web app - malicious code within an input

Question 3

SQL Injection

Answer 3

Insertion or injection of an SQL query into the input data provided by a user to an application. It can read/modify data in a database.

Question 4

Out of bound read

Answer 4

Can access data out of the range of the buffer, means other maybe sensitive information can be affected

Question 5

Out of bounds write

Answer 5

Can modify data out of the range of the buffer
Buffer overflow occurs

Question 6

Buffer overflow

Answer 6

Happens in out of bounds write
When a programmer attempted to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer

Question 7

Whitelist(input validation)

Answer 7

Write what data is allowed, everything else is denied by default

Question 8

Blacklist(input validation)

Answer 8

write what data isn’t allowed, everything else is accepted by default

Question 9

How to implement input validation?

Answer 9

Pattern matching, regular expressions, custom validation

Question 10

How can we ensure data input into a web form by a user is of the correct type

Answer 10

built-in data fields