23 of 31
Input/Output Validation
Two primary methods of performing input/output validation to prevent SQL injection, cross-site scripting, and other types of attacks:
- Black lists ensure that no invalid characters are used, e.g. single quotes (').
  - Problem: a character you did not anticipate when writing the blacklist gets through.
- White lists check that only characters from an approved list are used (e.g. only alphabetic letters).
  - White lists are typically considered more secure than black lists.
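The contrast between the two approaches, as an added example that is not part of the original slides: a blacklist that only anticipates the single quote is run beside a letters-only whitelist over the same constructed inputs (the 1-64 length bound on the whitelist is an assumption added here).

```python
import re

# Constructed blacklist: the author only anticipated the single quote.
BLACKLIST = {"'"}

# Whitelist: only ASCII letters. The 1-64 length bound is an added assumption;
# the slide itself only specifies "alphabetic letters".
WHITELIST_RE = re.compile(r"^[A-Za-z]{1,64}$")


def blacklist_valid(value: str) -> bool:
    """Reject the value only if it contains a character we listed as bad."""
    return not any(ch in BLACKLIST for ch in value)


def whitelist_valid(value: str) -> bool:
    """Accept the value only if every character is from the approved set."""
    return WHITELIST_RE.fullmatch(value) is not None


def compare(values):
    """Return {value: (blacklist_result, whitelist_result)} for each input."""
    return {v: (blacklist_valid(v), whitelist_valid(v)) for v in values}


# Constructed sample inputs: a plain name, one containing the anticipated bad
# character, two containing characters the blacklist author did not anticipate,
# and the empty string.
SAMPLES = ["alice", "o'brien", 'bob"', "carol<b>", ""]

if __name__ == "__main__":
    for value, (bl, wl) in compare(SAMPLES).items():
        print(f"{value!r:12} blacklist={'pass' if bl else 'reject'} "
              f"whitelist={'pass' if wl else 'reject'}")
```

The blacklist passes `bob"`, `carol<b>` and the empty string because none of them contain the one character it lists, while the whitelist rejects all three; validation narrows input, and parameterized queries and output encoding remain the primary defences against SQL injection and XSS.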