7PK - Input Validation and Representation
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that exist when an application does not properly validate or represent input. According to the authors of the Seven Pernicious Kingdoms, "Input validation and representation problems are caused by metacharacters, alternate encodings and numeric representations. Security problems result from trusting input."
The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource t...
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other us...
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes sp...
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutraliz...
This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.
- Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
NIST Workshop on Software Security Assurance Tools Techniques and Metrics