The threats introduced by improper data validation are many, but their cause is almost always the same. An attacker could subvert application logic, execute unauthorized commands or code on backend systems, or compromise the trust the user places in the application.
What is Code Injection?
Data passes through a program that operates in a particular processing context, and that context has its own rules for distinguishing data from commands. This distinction matters from a security perspective because commands are issued from a trusted source, whereas data may be supplied from a non-trusted source. Code injection occurs when untrusted data reaches that context in a form the program interprets as a command.
Inadequate data validation can disrupt the normal functioning of a website. The resulting vulnerabilities include:
• Path traversal
• Various buffer and format string vulnerabilities that affect languages such as C and C++
• Encoding attacks, which defeat security and validation mechanisms, such as the double decode and Unicode vulnerabilities that affected IIS version 5
• LDAP injection, which affects the application in a similar fashion to SQL injection and allows an attacker to run arbitrary LDAP queries
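The LDAP injection item above is the clearest illustration of the data-versus-command point: a search filter is a processing context with its own metacharacters, and unescaped input can add clauses to it. The example below is added here and is not code from the original article; the function names are hypothetical, and the metacharacter input is constructed for the demonstration. It shows a naive filter builder beside one that applies RFC 4515 value escaping, plus a check a reviewer can use to confirm that no input changes the filter's structure.

```python
# Added example (not from the original article): LDAP search filter
# construction with and without RFC 4515 value escaping.

def ldap_filter_unsafe(username: str) -> str:
    """Naive concatenation: the input lands in the filter's command context."""
    return f"(&(objectClass=user)(uid={username}))"


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, sec. 3).

    Each metacharacter becomes a backslash followed by two hex digits, so the
    directory server can only ever interpret the result as data, never as
    filter syntax. Characters handled: '*', '(', ')', '\\' and NUL.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def ldap_filter_safe(username: str) -> str:
    """Same filter, but untrusted input is escaped before insertion."""
    return f"(&(objectClass=user)(uid={escape_ldap_filter_value(username)}))"


def alters_filter_structure(build, value: str) -> bool:
    """Defensive check: does this input add or remove filter clauses?

    In a correctly escaped filter a literal '(' only ever opens a clause, so
    comparing the count against a benign input reveals structural change.
    """
    return build(value).count("(") != build("alice").count("(")


if __name__ == "__main__":
    # Constructed input containing filter metacharacters (not a real username).
    metachar_input = "*)(uid=*"
    for name, build in (("unsafe", ldap_filter_unsafe), ("safe", ldap_filter_safe)):
        print(f"{name}: {build(metachar_input)}  "
              f"structure altered: {alters_filter_structure(build, metachar_input)}")
```

Wiring the structural check into unit tests for every function that builds a filter from request data catches regressions where someone later bypasses the escaping helper.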
Conclusion: Web applications are colossal in number, with hundreds of new applications added daily, and the exposure of a web page in such a scenario increases many times over. In this situation it is very important to adopt proper data validation approaches.