Improper input validation

Improper input validation{{cite web |work=Common Weakness Enumeration |publisher=MITRE |title=CWE-20: Improper Input Validation |url=http://cwe.mitre.org/data/definitions/20.html |date=December 13, 2010 |accessdate=February 22, 2011}} or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.{{cite book|title=Hacking: the art of exploitation|series=No Starch Press Series|publisher=Safari Books Online|first=Jon|last=Erickson|edition=2, illustrated|year=2008|ISBN= 978-1-59327-144-2}} This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."

Examples include:

Buffer overflow
Cross-site scripting
Directory traversal
Null byte injection
SQL injection
Uncontrolled format string

References

Category:Computer security exploits