A1 – Preventing injection attacks
According to OWASP, the most critical type of vulnerability found in Web applications is the injection of some type of code, such as SQL injection, OS command injection, HTML injection, and so on.
These vulnerabilities are usually caused by a poor input validation by the application. In this recipe, we will cover some of the best practices when processing user inputs and constructing queries that make use of them.
How to do it...
The first thing to do in order to prevent injection attacks is to properly validate inputs. On the server side, this can be done by writing our own validation routines; although the best option is using the language's own validation routines, as they are more widely used and tested. A good example is
filter_varin PHP or the validation helper in ASP.NET. For example, an e-mail validation in PHP would be similar to this:function isValidEmail($email){ return filter_var($email, FILTER_VALIDATE_EMAIL); }On the client side, validation...
