Input Sanitization

Input sanitization is the security practice of checking, cleaning, and filtering data that arrives from users, APIs, and web services so that unwanted characters and strings cannot be used to inject harmful code into the system.

Attackers use remote file inclusion (RFI) and injection attacks such as SQL injection (SQLi) and cross-site scripting (XSS) to exploit the boundary between the web application and the back-end systems it talks to (database, file system, browser). By supplying specially crafted or encoded characters, they can make the application treat their input as code and execute unauthorized actions. Proper input sanitization, combined with context-aware output handling, blocks most of these attacks.

An application receives queries and requests from untrusted sources, and each one is a potential vector for attack. Input sanitization ensures that the data entering the application conforms to what the receiving subsystem expects and to the application's security requirements, removing or neutralizing characters that could cause harm.

Sanitizing inputs

From the user's browser, input reaches the server through GET parameters, POST bodies, cookies, and request headers, all of which an attacker can freely edit, so none of them can be trusted. Input sanitization acts as a strainer that filters this data before it is used by the web server or passed on to a database. This can be done in three ways:

  • Whitelist (allowlist) sanitizing accepts only characters and patterns known to be valid (for example, a username limited to letters, digits, and underscores) and rejects everything else. This is the most robust approach because it does not need to anticipate every attack.
  • Blacklist (blocklist) sanitizing cleans the input by removing characters or tokens known to be dangerous, such as line breaks, extra white space, tabs, &, and HTML tags. It is fragile: an attacker only needs one encoding or variation the list does not cover.
  • Escape sanitizing does not reject or strip the input; it encodes the characters that have special meaning in the target context (for example, < becomes &lt; in HTML) so the data is displayed or stored as data rather than interpreted as code. Escaping is context-specific: HTML, SQL, shell, and URL contexts each have different rules, and for SQL the preferred defense is a parameterized query rather than manual escaping.
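The three approaches, and the difference between them, can be seen side by side in the following added example (it is not code from the original article). It uses Python's standard library with an in-memory SQLite table of constructed sample users; the table, the `USERNAME_RE` pattern, and the function names are assumptions made for this illustration. The string-built query shows what an unsanitized SQL input does, the parameterized query shows the correct fix, the blocklist function shows how a naive blacklist is bypassed, and `html.escape` shows escaping for an HTML text context.

```python
import html
import re
import sqlite3

# Allowlist pattern for a username: 1-32 characters of letters, digits, or underscore.
# Hypothetical policy chosen for this example.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db():
    """Build an in-memory SQLite table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def allowlist_username(value):
    """Whitelist sanitizing: accept only values that match the allowed pattern entirely."""
    return USERNAME_RE.fullmatch(value) is not None


def vulnerable_lookup(conn, name):
    """String-built query: the input becomes part of the SQL text.
    A value such as ' OR 1=1 -- closes the quote, adds an always-true
    condition, and comments out the rest, returning every row."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def safe_lookup(conn, name):
    """Parameterized query: the driver binds the value as data, so the same
    payload simply matches no user."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def blocklist_strip(value):
    """Blacklist sanitizing: remove one known-bad token. This is easy to bypass:
    '<scr<script>ipt>' becomes '<script>' after the inner token is removed."""
    return value.replace("<script>", "")


def escape_for_html(value):
    """Escape sanitizing for an HTML text context: special characters are
    encoded, not removed, so the browser renders them instead of executing them."""
    return html.escape(value, quote=True)


def render_greeting(name):
    """Embed untrusted input in an HTML page using escaping."""
    return f"<p>Hello, {escape_for_html(name)}!</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("allowlist accepts payload:", allowlist_username(payload))
    print("string-built query returns:", vulnerable_lookup(db, payload))
    print("parameterized query returns:", safe_lookup(db, payload))
    print("blocklist output:", blocklist_strip("<scr<script>ipt>alert(1)</script>"))
    print("escaped HTML:", render_greeting("<script>alert(1)</script>"))
```

Run stand-alone, the script shows the allowlist rejecting the SQL payload, the string-built query leaking both users while the parameterized query returns nothing, the blocklist producing exactly the tag it was meant to remove, and the HTML escape turning the script tag into harmless text. In a real application the allowlist check should run at the input boundary and the escaping at the output boundary for whichever context (HTML, SQL, shell, URL) the data is written into.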

Benefits of input sanitization

Input sanitization is by no means a complete defense against injection attacks and other intrusions into a web server; it works best as one layer alongside parameterized queries, output encoding, and least-privilege database accounts. It does offer clear advantages:

  • Providing a first line of defense at the application boundary against common attacks
  • Preventing many forms of remote file inclusion and injection attacks (code injection, SQLi, and XSS)
  • Reducing the chance that malicious input is interpreted as code by a downstream component
  • Preserving the integrity of the web server, database, and other assets that consume the input

Webopedia Staff
