Status: Incomplete
Weakness ID: 179 (Weakness Base)

Description Summary

Software needs to validate data at the proper time, after data has been canonicalized and cleansed. Early validation is susceptible to various manipulations that result in dangerous inputs that are produced by canonicalization and cleansing.

Modes of Introduction

Since early validation errors usually arise from improperly implemented defensive mechanisms, it is likely that these will be introduced more frequently as secure programming becomes implemented more widely.

Potential Mitigations

Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass whitelist schemes by introducing dangerous inputs after they have been checked.

Research Gaps

These errors are mostly reported in path traversal vulnerabilities, but the concept applies anyplace where filtering occurs.

Relationships

Taxonomy Mappings

Applicable Platforms

Languages: All

Time of Introduction

Implementation

Related Attack Patterns

Content History

Submissions
PLOVER. (Externally Mined)

Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Potential_Mitigations, Time_of_Introduction
Veracode. 2008-08-15. (External) Suggested OWASP Top Ten 2004 mapping
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Modes_of_Introduction, Relationships, Taxonomy_Mappings

Previous Entry Names
Early Validation Errors (changed 2008-04-11)
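
The ordering described under Potential Mitigations, shown as an added example that is not part of the CWE entry: two weak orderings (check before decoding, and a second decode after the check) beside the corrected one, applied to the path traversal case that Research Gaps mentions. `BASE_DIR`, the function names and the sample inputs are assumptions constructed for illustration, and percent-decoding with Python's `urllib.parse.unquote` stands in for whatever decoding the application performs.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/public"  # assumed document root (hypothetical)


def resolve(rel: str) -> str:
    """Canonicalize: join to the base and collapse '.' and '..' segments."""
    return posixpath.normpath(posixpath.join(BASE_DIR, rel))


def inside_base(path: str) -> bool:
    """True only if the canonical path is the base or lies beneath it."""
    return path == BASE_DIR or path.startswith(BASE_DIR + "/")


def check_then_decode(raw: str) -> str:
    """Weak: the filter sees the encoded form, the file API sees the decoded one."""
    if ".." in raw:
        raise ValueError("rejected")
    return resolve(unquote(raw))


def decode_check_decode(raw: str) -> str:
    """Weak: validated after one decode, then decoded a second time downstream."""
    once = unquote(raw)
    if ".." in once:
        raise ValueError("rejected")
    return resolve(unquote(once))


def decode_then_check(raw: str) -> str:
    """Corrected: decode once, canonicalize, then validate the final form."""
    path = resolve(unquote(raw))
    if not inside_base(path):
        raise ValueError("rejected")
    return path


# Constructed sample inputs, not taken from any real request log.
SAMPLES = ["docs/readme.txt", "%2e%2e/private/config", "%252e%252e/private/config"]

if __name__ == "__main__":
    for raw in SAMPLES:
        for fn in (check_then_decode, decode_check_decode, decode_then_check):
            try:
                print(f"{fn.__name__:20} {raw!r:32} -> {fn(raw)}")
            except ValueError:
                print(f"{fn.__name__:20} {raw!r:32} -> rejected")
```

With the corrected ordering the double-encoded sample resolves to a literal `%2e%2e` directory name under the base, which stays harmless only as long as nothing later decodes the value again.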