
Improper input validation

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Ron Ritzman (talk | contribs) at 01:42, 26 February 2011 (AFD closed keep). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A string exploit is a security exploit involving handling of string data in computer software.[1][2][3]

Examples include:

References

  1. ^ Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series. Safari Books Online. ISBN 9781593271442.
  2. ^ "SecurityFocus penetration: The Building of an exploit string" (PDF). derkeiler.com. February 27, 2003. Retrieved February 22, 2011.
  3. ^ Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley (2010). "AEG: Automatic Exploit Generation" (PDF). Pittsburgh: ece.cmu.edu. Retrieved February 22, 2011. The exploit string can be directly fed into the vulnerable application...
  4. ^ "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010.
  5. ^ "Network security advisories article: Mod_Security ASCIIZ byte POST bypass Vulnerability". Emagined Security. July 15, 2008. Retrieved February 22, 2011.