Common Web Security Mistakes

Data must be validated as it crosses the boundary between untrusted and trusted environments. By definition, trusted data is data you or an entity you explicitly trust has complete control over; untrusted data refers to everything else. Any data submitted by a user is initially untrusted data.

This section contains:

• User Input Vulnerabilities
• Example of Trusting Input Using Managed Code
• Security Vulnerability: Unbounded Sizes
• Security Vulnerability: Using Direct User Input in SQL Statements
• User Input Remedies

Copyright © 2005 Microsoft Corporation.
All rights reserved.