What are the types of input I need to validate in my ASP.NET application?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

You should assume all input is malicious and design and secure your application based on this. Constrain input for length, range, format, and type, while doing so validate inputs from all sources like Server controls, HTML controls, query strings, cookies, Http headers, shared database etc.

More Information

For more information on input / data validation in ASP.NET, see “How To: Protect from Injection attacks in ASP.NET” at http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000003.asp and "How To: Use Regular expressions to constrain input in ASP.NET" http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000001.asp

Personal tools