Input Sanitization Definition & Meaning
Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and strings to prevent the injection of harmful codes into the system.
Hackers use remote file inclusion (RFI) and injection attacks such as SQL injection (SQLi) and cross-site scripting (XSS) to exploit the gap in the interaction between the website and the server. They can encode special characters and execute unauthorized actions that compromise security. With input sanitization in place, these types of attacks can be prevented.
An application receives queries and requests from untrusted sources that might expose the system to malicious attacks. Input sanitization ensures that the entered data conforms to subsystem and security requirements, eliminating unnecessary characters that can pose potential harm.
From the user’s browser, data input travels through GET request, POST request, and cookies, which hackers can edit, modify, and manipulate to gain access to the web server. Input sanitization serves as a strainer to filter encoded data as it moves into the web server. This can be done in three ways:
- Whitelist sanitizing allows only valid characters and code strings.
- Blacklist sanitizing cleans the input by removing unwelcomed characters such as line breaks, extra white spaces, tabs, &, and <script> tags.
- Escape sanitizing rejects invalid data requests and strips inputs in order not to be seen as codes.
Benefits of input sanitization
Input sanitization is by no means a perfect means to ward off injection attacks and pernicious infiltration of a web server. But it has some advantages such as:
- Providing a perimeter defense against common cyberattacks
- Preventing some forms of remote file inclusion and injection attacks (Code injection, SQLi, and XSS)
- Protecting the system from malicious code intrusions
- Keeping the integrity of the web server, database, and other digital assets
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »