Input validation related vulnerabilities are part of the OWASP Top 10 2017. They are covered under A1:2017-Injection, A4:2017-XML External Entities (XXE), A7:2017-Cross-Site Scripting (XSS), and A8:2017-Insecure Deserialization. Some of the vulnerabilities listed under this category are as follows:
- Application not validating input on both the client side and the server side.
- Application allowing harmful blacklisted characters (<>;'"!()).
- Application vulnerable to injection flaws such as SQL injection, command injection, LDAP (Lightweight Directory Access Protocol) injection, and so on.
- Application vulnerable to Cross-Site Scripting attacks. The image below shows a reflected Cross-Site Scripting attack:
- Application vulnerable to buffer overflows.
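
An added example (not from the original page) of the server-side defenses that correspond to the items above: allowlist validation, HTML output encoding for reflected input, and a parameterized SQL query. The username rule, function names, table and sample inputs are assumptions constructed for illustration.

```python
import html
import re
import sqlite3

# The characters the list above names as harmful.
HARMFUL = set("<>;'\"!()")

# Hypothetical allowlist for a username field: letters, digits, underscore, 3-32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def validate_username(value: str) -> bool:
    """Server-side check; it runs regardless of any client-side validation."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def harmful_chars(value: str) -> set:
    """Report which of the listed characters appear (useful when logging rejects)."""
    return HARMFUL & set(value)


def render_search(term: str) -> str:
    """Reflect free-text input into HTML only after encoding it for that context."""
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


def find_user(conn: sqlite3.Connection, name: str):
    """The bound parameter keeps the input as data, never as SQL syntax."""
    if not validate_username(name):
        return None
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchone()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory database with one sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # Constructed sample inputs: one valid value and two classic test strings.
    for sample in ["alice", "alice' OR '1'='1", "<script>alert(1)</script>"]:
        print(repr(sample), validate_username(sample), sorted(harmful_chars(sample)),
              find_user(conn, sample), render_search(sample))
```

Validation rejects input that does not fit the field, while encoding and parameter binding keep whatever is accepted from being interpreted as markup or SQL; the two controls complement each other rather than substitute for one another.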