Web Application Vulnerabilities: Detect, Exploit, Prevent

Chapter 3: Introduction to Server Side Input Validation Issues

Introduction

Server Side Input Validation Vulnerabilities are a class of vulnerabilities that result directly from missing or inadequate sanitization or validation of the integrity of data processed by the application. Note the term Server Side. In a complex web application, the user experience can include client side cleansing of data and format enforcement, such as by JavaScript or other Client Side scripting languages. But we as Hackers are taught that this effort is irrelevant, because we can modify the request in transit using a man in the middle proxy, modify the URL directly, or create custom pages that submit the data we want to send to the server in the format WE the hackers want to send it in, and not what the application developers with their fancy JavaScript intended to receive. That was not a dig against web application developers; however, if there are web developers reading this book, focus on the server side enforcement of data first, then the client. It is safer. Oftentimes there is not enough time or budget to do both, and the project owners, also known as pointy haired managers (who are usually not web application developers or web application security professionals), prefer to focus on the user experience, where client side JavaScript is ideal, but client side validation of information entered into web forms alone will not result in a secure application.
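The point above in code, as an added example that is not from the book: a server-side check of a URL-encoded form body that re-validates every field no matter what the client-side JavaScript enforced. The signup form, its field names and its rules are assumptions made for the illustration, and both sample request bodies are constructed.

```python
import re
from urllib.parse import parse_qs

# Hypothetical signup form: field names and rules are assumptions for this example.
RULES = {
    "username": lambda v: re.fullmatch(r"[A-Za-z0-9_]{3,20}", v) is not None,
    "age": lambda v: re.fullmatch(r"[0-9]{1,3}", v) is not None and 13 <= int(v) <= 120,
    "plan": lambda v: v in {"free", "pro"},
}
MAX_BODY = 1024  # reject oversized bodies before parsing


def validate_signup(raw_body: str):
    """Validate a URL-encoded form body on the server.

    Returns (clean, errors). Nothing the client claims to have checked is
    trusted: every field is re-validated against an allowlist here.
    """
    if len(raw_body) > MAX_BODY:
        return {}, {"_body": "too large"}
    try:
        fields = parse_qs(raw_body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return {}, {"_body": "malformed"}
    clean, errors = {}, {}
    for name in fields.keys() - RULES.keys():
        errors[name] = "unexpected field"  # parameters the form never offered
    for name, rule in RULES.items():
        values = fields.get(name, [])
        if len(values) != 1:
            errors[name] = "missing" if not values else "duplicated"
        elif not rule(values[0]):
            errors[name] = "invalid"
        else:
            clean[name] = values[0]
    # All-or-nothing: a request with any bad field yields no usable data.
    return ({}, errors) if errors else (clean, {})


# Constructed sample requests.
BROWSER_BODY = "username=alice_01&age=34&plan=pro"  # what the form's JavaScript allows
CRAFTED_BODY = ("username=%3Cb%3Ex%3C%2Fb%3E&age=-5&plan=pro"
                "&plan=free&is_admin=1")  # submitted directly, no JavaScript involved

if __name__ == "__main__":
    for body in (BROWSER_BODY, CRAFTED_BODY):
        print(validate_signup(body))
```

The crafted body never passed through the form's JavaScript, yet the server rejects it field by field, which is the enforcement order the chapter recommends.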

In building a web application it is better to beg...
