What are the types of input I need to validate in my ASP.NET application?

From Guidance Share

Revision as of 07:07, 17 October 2006; Admin

J.D. Meier, Prashant Bansode, Alex Mackman


You should assume all input is malicious, and design and secure your application accordingly. Constrain input for length, range, format, and type, and validate input from all sources, including server controls, HTML controls, query strings, cookies, HTTP headers, and shared databases.
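The length, range, format, and type constraints above, applied to values read from a query string and an HTTP header, as an added example that is not part of the original page. The `InputConstraints` class, its method names, the key names, and the sample values are assumptions made for illustration; in ASP.NET, `Request.QueryString` and `Request.Headers` expose the same `NameValueCollection` type used here.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Text.RegularExpressions;

// Added example: hypothetical helper, not code from the original page.
static class InputConstraints
{
    // Format + length: allow-list pattern anchored with ^ and \z (so a trailing
    // newline is rejected), with a match timeout to bound regex cost.
    static readonly Regex NamePattern = new Regex(
        @"^[a-zA-Z'. -]{1,40}\z", RegexOptions.None, TimeSpan.FromMilliseconds(100));

    public static bool TryGetName(NameValueCollection source, string key, out string name)
    {
        name = source[key];
        // Reject missing values and anything outside the allow-list.
        return name != null && NamePattern.IsMatch(name);
    }

    // Type + range: digits only (no sign, whitespace, or separators), then bounds.
    public static bool TryGetInt(NameValueCollection source, string key,
                                 int min, int max, out int value)
    {
        value = 0;
        string raw = source[key];
        // Length check first keeps oversized input away from the parser.
        if (raw == null || raw.Length == 0 || raw.Length > 10) return false;
        return int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out value)
               && value >= min && value <= max;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input standing in for Request.QueryString and Request.Headers.
        var query = new NameValueCollection {
            { "name", "O'Brien" }, { "age", "130" }, { "nick", "<script>alert(1)</script>" } };
        var headers = new NameValueCollection { { "X-Page-Size", "25" } };

        Console.WriteLine(InputConstraints.TryGetName(query, "name", out _));               // True
        Console.WriteLine(InputConstraints.TryGetName(query, "nick", out _));               // False: format
        Console.WriteLine(InputConstraints.TryGetInt(query, "age", 0, 120, out _));         // False: range
        Console.WriteLine(InputConstraints.TryGetInt(headers, "X-Page-Size", 1, 100, out _)); // True
        Console.WriteLine(InputConstraints.TryGetInt(headers, "X-Missing", 1, 100, out _));   // False: absent
    }
}
```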

More Information

For more information on input and data validation in ASP.NET, see "How To: Protect from Injection attacks in ASP.NET" at http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000003.asp and "How To: Use Regular expressions to constrain input in ASP.NET" at http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000001.asp
