> Input validation is performed to ensure only properly formed data is entering
> the workflow in an information system, preventing malformed data from
> persisting in the database and triggering malfunction of various downstream
> components. Input validation should happen as early as possible in the data
> flow, preferably as soon as the data is received from the external party.
>
> Data from all potentially untrusted sources should be subject to input
> validation, including not only Internet-facing web clients but also backend
> feeds over extranets, from [suppliers, partners, vendors or
> regulators](https://badcyber.com/several-polish-banks-hacked-information-stolen-by-unknown-attackers/),
> each of which may be compromised on their own and start sending malformed
> data.
>
> Input Validation should not be used as the primary method of preventing
> [XSS](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html),
> [SQL
> Injection](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
> and other attacks which are covered in respective [cheat
> sheets](https://cheatsheetseries.owasp.org/) but can significantly contribute
> to reducing their impact if implemented properly.
https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
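
An added example, not part of the original message or of Django: allow-list validation applied to a partner feed the moment records arrive, with the insert still parameterized because validation is not the primary SQL injection defence. The feed schema, field rules, table layout and sample records are assumptions constructed for illustration.

```python
import re
import sqlite3
from datetime import date
# Allow-list rules for a hypothetical partner payment feed (assumed schema).
RULES = {
    "account": (re.compile(r"[A-Z]{2}[0-9]{10}"), 12),
    "name": (re.compile(r"[^\W\d_]+(?:[ '-][^\W\d_]+)*"), 64),  # letters joined by space, ' or -
    "amount": (re.compile(r"[0-9]{1,9}\.[0-9]{2}"), 12),
}

def validate_record(raw):
    """Return a typed copy of the record, or raise ValueError naming the bad fields."""
    if not isinstance(raw, dict):
        raise ValueError("record is not an object")
    clean, bad = {}, []
    for field, (pattern, max_len) in RULES.items():
        value = raw.get(field)
        if isinstance(value, str) and len(value) <= max_len and pattern.fullmatch(value):
            clean[field] = value
        else:
            bad.append(field)
    try:
        clean["value_date"] = date.fromisoformat(raw.get("value_date")).isoformat()
    except (TypeError, ValueError):
        bad.append("value_date")
    if bad:
        raise ValueError("rejected fields: " + ", ".join(bad))
    clean["amount_cents"] = int(clean.pop("amount").replace(".", ""))
    return clean

def ingest(conn, records):
    """Validate at the boundary, store what passes, return (index, reason) for rejects."""
    conn.execute("CREATE TABLE IF NOT EXISTS payments (account, name, amount_cents, value_date)")
    rejected = []
    for index, raw in enumerate(records):
        try:
            rec = validate_record(raw)
        except ValueError as exc:
            rejected.append((index, str(exc)))
            continue
        # Still parameterized: a valid name such as O'Brien contains a quote.
        conn.execute("INSERT INTO payments VALUES (?, ?, ?, ?)",
                     (rec["account"], rec["name"], rec["amount_cents"], rec["value_date"]))
    return rejected

SAMPLE_FEED = [  # constructed records, not real data
    {"account": "PL0123456789", "name": "Sean O'Brien", "amount": "120.50", "value_date": "2024-03-01"},
    {"account": "PL0123456789", "name": "Nowak'; --", "amount": "1.00", "value_date": "2024-03-01"},
    {"account": "0123", "name": "Anna Nowak", "amount": "NaN", "value_date": "2024-02-30"}]
```

Calling `ingest(sqlite3.connect(":memory:"), SAMPLE_FEED)` stores only the first record and returns the reasons the other two were rejected.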
