Input Validation
Why
Input validation is essential to ensure that the data received is accurate, safe, and in the expected format, thereby preventing errors and vulnerabilities.
AllowList vs DenyList
AllowList (better): only accept inputs that match a known-good definition; harder to implement, easier to maintain.
DenyList (worse): block known-bad inputs; easier to implement, hard to maintain because the list of bad inputs is never complete.
Make sure that client-side and server-side validation are kept in sync; client-side checks can be bypassed, so the server must enforce the same rules.
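The allowlist/denylist contrast above, as an added example (not part of the original notes): a username check written both ways, run over constructed sample inputs. The pattern and the set of "bad" characters are assumptions chosen for the demonstration; the point is that the denylist passes inputs nobody thought to list, while the allowlist rejects everything it was not told to accept.

```python
import re

# Allowlist: spell out exactly what a valid username looks like and reject everything else.
# Constructed rule: one lowercase letter followed by 2-15 characters from [a-z0-9_].
USERNAME_ALLOW = re.compile(r"[a-z][a-z0-9_]{2,15}")

# Denylist: enumerate characters believed to be dangerous. Constructed and, like most
# denylists, incomplete: whitespace, empty strings and many other characters are not covered.
DENY_CHARS = frozenset("'\";<>|&")


def allowlist_valid(value: str) -> bool:
    """True only if the whole value matches the known-good pattern."""
    return USERNAME_ALLOW.fullmatch(value) is not None


def denylist_valid(value: str) -> bool:
    """True unless the value contains a character on the deny list."""
    return not any(ch in DENY_CHARS for ch in value)


# Constructed sample inputs.
SAMPLES = [
    "alice_01",   # ordinary username: both checks accept it
    "bob;drop",   # contains ';': both checks reject it
    "eve\n",      # trailing newline: denylist accepts, allowlist rejects
    "john doe",   # embedded space: denylist accepts, allowlist rejects
    "alice!",     # '!' was never listed: denylist accepts, allowlist rejects
    "",           # empty input: denylist accepts, allowlist rejects
]


def compare(samples=SAMPLES) -> dict:
    """Map each sample to (allowlist_result, denylist_result)."""
    return {s: (allowlist_valid(s), denylist_valid(s)) for s in samples}


if __name__ == "__main__":
    for sample, (allow, deny) in compare().items():
        print(f"{sample!r:12} allowlist={allow!s:5} denylist={deny}")
```

Every row where the two columns disagree is a maintenance item for the denylist and a non-event for the allowlist, which is why the notes rate the allowlist as better despite the extra up-front work.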
XSS
Type 0: DOM-based XSS. Script already running in the page writes attacker-controlled data (for example a URL fragment or query parameter) into the DOM (Document Object Model), creating a new attack vector without the payload ever reaching the server.
Manipulating elements to change the layout is not harmful in itself (ad blockers do exactly this); the problem is when untrusted data, such as URL variables, is written into the page as markup or script.
Type 1: Reflected XSS. Input sent to the server is echoed straight back into the response. This can be as simple as changing the URL in a crafted link, or involve a man-in-the-middle position to inject malicious data into the response.
The victim's browser executes this potentially harmful code when the page loads.
Type 2: Persistent (stored) XSS. The payload is stored server-side (e.g. in a database) and served to every user who views the affected page.
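The defence for all three XSS types is the same: encode untrusted data for the context it is written into, at the point of output. Added example, not from the original notes, using only the Python standard library; the stored comments and request values are constructed samples.

```python
import html
from urllib.parse import quote

# Constructed sample of stored comments, as if read back from a database; the second one
# is markup a user submitted (the persistent XSS case).
STORED_COMMENTS = [
    "Nice article!",
    "<script>alert('stored')</script>",
]


def html_text(untrusted: str) -> str:
    """Encode for an HTML text or attribute context; quote=True also escapes ' and "."""
    return html.escape(untrusted, quote=True)


def url_param(untrusted: str) -> str:
    """Encode for insertion into a query string; with safe='' even '/' and '=' are encoded."""
    return quote(untrusted, safe="")


def greeting_page(name: str) -> str:
    """Reflected case: a request parameter goes straight back into the response body."""
    return f"<p>Hello, {html_text(name)}</p>"


def comments_page(comments=STORED_COMMENTS) -> str:
    """Stored case: every value read from the store is encoded when rendered, not when saved."""
    items = "".join(f"<li>{html_text(c)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def profile_link(user_id: str) -> str:
    """Untrusted value inside a URL inside an attribute: URL-encode, then HTML-encode."""
    return f'<a href="/profile?id={html_text(url_param(user_id))}">profile</a>'


if __name__ == "__main__":
    print(greeting_page("<script>alert(1)</script>"))
    print(comments_page())
    print(profile_link("a b&c"))
```

Encoding at output rather than at input is what makes the stored case safe: the database keeps the original text, and whatever is served is rendered as literal characters because the browser never sees an unescaped tag.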
SQL Injection
The attacker closes the open quote in a dynamically built query and appends their own SQL, manipulating the query to gain unauthorized access to sensitive data.
LDAP Injection
Closing brackets and quotes in a dynamically built filter lets the attacker alter the LDAP query and execute unauthorized searches, potentially exposing user credentials or other sensitive directory information.
Command Injection
Injecting shell metacharacters into a command built from user input leads to unauthorized execution on the server, allowing attackers to alter, delete, or exfiltrate critical system information.
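The three injection classes above (SQL, LDAP, command) share one root cause: untrusted data is spliced into a string that an interpreter then parses. Added example, not from the original notes, showing the vulnerable SQL form beside the parameterized one, an RFC 4515 filter escape for LDAP, and an allowlist plus argv-list approach for OS commands. The table, the filter and the ping wrapper are constructed for the demonstration.

```python
import re
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """String concatenation: a quote in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver passes the value separately, so it can never become SQL."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


# LDAP: escape the characters that carry meaning inside a search filter (RFC 4515).
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_filter_escape(value: str) -> str:
    """Replace each filter metacharacter with its backslash-hex form."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def uid_filter(uid: str) -> str:
    """Build a (uid=...) filter from an untrusted value."""
    return f"(uid={ldap_filter_escape(uid)})"


# OS commands: allowlist the input, then pass argv as a list so no shell ever parses it.
# Constructed hostname rule: alphanumeric first character (so it cannot look like an option),
# then letters, digits, dots or hyphens.
_HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def is_valid_host(host: str) -> bool:
    return _HOSTNAME.fullmatch(host) is not None


def ping_argv(host: str) -> list:
    """Return the argument vector for a single ping, or raise if the host fails validation."""
    if not is_valid_host(host):
        raise ValueError("host is not a valid hostname")
    return ["ping", "-c", "1", host]


def ping(host: str) -> int:
    """Run ping without a shell; returns the process exit code."""
    return subprocess.run(ping_argv(host), shell=False, capture_output=True).returncode


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, "x' OR '1'='1"))
    print("safe:      ", find_user_safe(db, "x' OR '1'='1"))
    print(uid_filter("*)(uid=*"))
    print(ping_argv("example.com"))
```

The vulnerable lookup returns every row because the closed-off quote turns the input into part of the WHERE clause; the parameterized version returns nothing because the same text is only ever compared as a value. The LDAP and command helpers apply the same principle: metacharacters are neutralized (escaped) or excluded (allowlist), and the interpreter is never handed a string it has to parse.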