Improper Input Handling is the term used to describe functions such as validation, sanitization, filtering, or encoding and/or decoding of input data. Improper Input Handling is a leading cause of critical vulnerabilities that exist in today’s systems and applications.
The root cause of Improper Input Handling is the application trusting, rather than validating, data inputs. One of the key aspects of input handling is validating that the input satisfies a certain criteria. All inputs should be considered untrusted as they can come from a variety of mechanisms and be transferred in various formats.
For proper validation, it is important to identify the form and type of data that is acceptable and expected by the application. This is required to accurately define restrictions and avoid Improper Input Handling attacks.