PrepAway - Latest Free Exam Questions & Answers

Which of the following is this an example of?

After Matt, a user, enters his username and password at the login screen of a web-enabled portal, the
following appears on his screen:
"Please only use letters and numbers on these fields"
Which of the following is this an example of?


A. Proper error handling

B. Proper input validation

C. Improper input validation

D. Improper error handling

Explanation:
Input validation is an aspect of secure coding and is intended to mitigate possible user input
attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the
application before that input is processed. The check could be on length, character type, language type,
or domain.

Incorrect Answers:
A, D: Error handling is an aspect of secure coding. When errors occur, the system should revert to a
secure state. This must be coded into the system, and should include error and exception handling.
C: Improper input validation would allow user input to be used as an attack vector. In such an event, input
would not be checked and the user would not receive a message from the system.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 257
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 319, 320

