Controls

Version

SB.14.005 Input and Output Filtering

Low
Low
Low
Secure Development
System Owner
v2.0 (Q1 2024)

Description

All variable information that gets sent by a client is filtered and sanitized before being processed in the application. The same applies to user-selected output that is presented back to users. This avoids any unintentional side-effect of processed data.

Specification

Any input and output will adhere to the principle of ‘do not trust user input or output’. Normalisation, validation, and limitation should be applied to both input and output.

Any data entered by the user, or processed as a result of earlier entry, should be handled in such a way that it cannot cause any side-effects in the application.

In web application programming this means preventing SQL injection, cross-site scripting, and any other unintended influence on the application or on what is presented to the user. This should be validated using vulnerability scanners.

In network traffic handling this means preventing side-effects or crashes such as ping-of-death or other attacks on network stacks.

This also applies to third-party software used in data processing, which must be updated when vulnerabilities are found.
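The following is an added illustration of the three steps the specification names (normalisation, validation, limitation) on the input side, and encoding on the output side, for a small web-style form handler. It is example code written for this page, not part of the control text or of any referenced standard; the field policy (a 64-character allow-listed display name, a 500-character free-text comment) and the in-memory SQLite table are constructed assumptions. The point it makes that the prose does not: a validated name such as O'Brien still contains a quote, so validation alone is not what prevents SQL injection or cross-site scripting; the value is additionally bound as a query parameter and HTML-encoded on the way out.

```python
import html
import re
import sqlite3
import unicodedata

# Limitation: hard caps on what the application accepts per field (assumed policy).
MAX_NAME_LEN = 64
MAX_COMMENT_LEN = 500
# Validation: allow-list of characters for a display name (assumed policy).
NAME_RE = re.compile(r"[A-Za-z0-9 ._'-]+")


def normalise(value: str) -> str:
    """Normalisation: one canonical Unicode form, control characters removed,
    surrounding whitespace stripped. Runs before validation so that look-alike
    encodings cannot slip past the allow-list."""
    value = unicodedata.normalize("NFKC", value)
    value = "".join(ch for ch in value if unicodedata.category(ch)[0] != "C")
    return value.strip()


def validate_name(value: str) -> str:
    """Validation + limitation for a name field; raises ValueError on rejection."""
    value = normalise(value)
    if not value or len(value) > MAX_NAME_LEN:
        raise ValueError("name empty or too long")
    if not NAME_RE.fullmatch(value):
        raise ValueError("name contains characters outside the allow-list")
    return value


def is_valid_name(value: str) -> bool:
    """Boolean wrapper so callers can branch without catching exceptions."""
    try:
        validate_name(value)
        return True
    except ValueError:
        return False


def validate_comment(value: str) -> str:
    """Free text: normalised and length-limited, but not character-restricted.
    Its safety on output therefore depends entirely on encoding (render_comment)."""
    value = normalise(value)
    if len(value) > MAX_COMMENT_LEN:
        raise ValueError("comment too long")
    return value


def build_db() -> sqlite3.Connection:
    """Constructed in-memory sample table with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",), ("bob",)])
    return conn


def find_user(conn: sqlite3.Connection, raw_name: str):
    """Input side: the validated value reaches the database as a bound parameter,
    never spliced into the SQL text, so the quote in O'Brien is data, not syntax."""
    name = validate_name(raw_name)
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def render_greeting(raw_name: str) -> str:
    """Output side: even allow-listed input is HTML-encoded before being placed in
    a page, so the apostrophe cannot terminate an attribute value."""
    return f"<p>Hello, {html.escape(validate_name(raw_name), quote=True)}!</p>"


def render_comment(raw_comment: str) -> str:
    """Free text is encoded on output; markup typed by the user is shown as text."""
    return f"<p>{html.escape(validate_comment(raw_comment), quote=True)}</p>"


if __name__ == "__main__":
    db = build_db()
    print(find_user(db, "O'Brien"))
    print(render_greeting("  O'Brien "))
    print(render_comment("<b>hi</b> & bye"))
```

Normalisation runs first because validation against an allow-list is only meaningful once the data is in a single canonical form; the length limit is applied to the normalised value for the same reason. The output-encoding step is deliberately separate from input validation so that data stored before the validation rules existed, or arriving from another system, still cannot alter the presentation to the user.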
