Cybersecurity
Input Sanitization
Definition
Input sanitization is the process of cleaning and filtering data that is provided by a user or another application to prevent it from causing harm to a system. This involves removing or modifying potentially malicious characters or code from the input.
Why It Matters
Input sanitization is a critical defense against many common web application vulnerabilities, especially injection attacks like SQL Injection and Cross-Site Scripting (XSS).
Contextual Example
A web application has a search box. Before using the user's search term in a database query, the application should sanitize it to remove any SQL special characters like single quotes or semicolons. This helps prevent SQL Injection, but only as one layer: the query itself should still be built with prepared statements, as noted under Common Misunderstandings below, rather than relying on character stripping alone.
Common Misunderstandings
- Assuming some input sources can be trusted: the core principle is "never trust user input," whether it comes from a form field, an API client, or another internal system.
- Treating sanitization as sufficient on its own: it should be performed in addition to other defenses like prepared statements (for SQLi) and output encoding (for XSS), not as a replacement for them.