Common Weakness

Input validation

If we don't validate input properly, an attacker can alter control flow, change code execution, or obtain information from important files.

e.g.:
CWE-790
CWE-116
CWE-138

Defense

  1. Consider all aspects: value type, length, format, expiry time, scope of effect, and so on.
  2. Assume all input is malicious and accept only what we know to be good. That means we define a whitelist and reject everything else.
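
The two defense points above, as an added example (not part of the original page): a whitelist validator that checks type, length, format, expiry time and scope, and rejects anything it does not recognise. The field names, limits and sample requests are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Hypothetical policy for this example: only these fields and values are accepted.
ALLOWED_FIELDS = {"username", "page", "scope", "expires"}
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")  # format and length (3-32 chars)
ALLOWED_SCOPES = {"read", "write"}                 # effect scope
MAX_PAGE = 1000

def validate(req, now):
    """Return (clean, errors); clean is empty unless every check passed."""
    errors, clean = [], {}
    unknown = set(req) - ALLOWED_FIELDS            # reject fields we do not know
    if unknown:
        errors.append("unknown fields: " + ", ".join(sorted(unknown)))
    u = req.get("username")
    # fullmatch, not match: "alice\n" must not pass on a trailing newline
    if isinstance(u, str) and USERNAME_RE.fullmatch(u):
        clean["username"] = u
    else:
        errors.append("username")
    p = req.get("page")
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(p, int) and not isinstance(p, bool) and 1 <= p <= MAX_PAGE:
        clean["page"] = p
    else:
        errors.append("page")
    s = req.get("scope")
    if isinstance(s, str) and s in ALLOWED_SCOPES:
        clean["scope"] = s
    else:
        errors.append("scope")
    try:
        # expiry must be a timezone-aware ISO 8601 timestamp in the future
        exp = datetime.fromisoformat(req.get("expires"))
        if exp.tzinfo is None or exp <= now:
            raise ValueError("naive or expired timestamp")
        clean["expires"] = exp
    except (TypeError, ValueError):
        errors.append("expires")
    return (clean if not errors else {}), errors

# Constructed sample inputs (not real traffic).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_OK = {"username": "alice_01", "page": 2, "scope": "read",
             "expires": "2030-01-01T00:00:00+00:00"}
SAMPLE_BAD = {"username": "alice\n", "page": True, "scope": "admin",
              "expires": "2020-01-01T00:00:00+00:00", "debug": "1"}

if __name__ == "__main__":
    print(validate(SAMPLE_OK, NOW))
    print(validate(SAMPLE_BAD, NOW))
```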