PrepAway - Latest Free Exam Questions & Answers

Why is input validation important?

With regard to secure coding practices, why is input validation important?

A. It mitigates buffer overflow attacks.

B. It makes the code more readable.

C. It provides an application configuration baseline.

D. It meets gray box testing standards.

Explanation:
A buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application is
fed more input data than it is programmed to handle. This may cause the application to terminate or to
write data beyond the end of the allocated space in memory. The termination of the application may cause
the system to send the data with temporary access to privileged levels in the system, while overwriting
can cause important data to be lost. Proper error and exception handling and input validation will help
prevent buffer overflow exploits.
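The explanation above can be seen in a short C example, added here and not taken from the study guides cited below: an unchecked copy into a fixed-size buffer beside a version that validates the input length first. The struct, field size, function names and sample inputs are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16            /* assumed field size for this example */

struct account {
    char name[NAME_LEN];
    int  flags;                /* adjacent data an overflow would overwrite */
};

/* No validation: input longer than name[] is written past the end of the
 * buffer into whatever follows it. Shown for contrast only; never called. */
void set_name_unchecked(struct account *a, const char *input) {
    strcpy(a->name, input);
}

/* Validated: oversized or malformed input is rejected before any byte is
 * copied. Returns 0 on success, -1 on rejection (account left untouched). */
int set_name_checked(struct account *a, const char *input, size_t input_len) {
    if (a == NULL || input == NULL)
        return -1;
    if (input_len >= sizeof a->name)            /* keep room for the NUL */
        return -1;
    if (memchr(input, '\0', input_len) != NULL) /* embedded NUL in input */
        return -1;
    memcpy(a->name, input, input_len);
    a->name[input_len] = '\0';
    return 0;
}

int main(void) {
    struct account a = { "", 0 };
    const char *ok = "alice";                        /* constructed sample */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes, constructed */

    printf("ok input:       %d\n", set_name_checked(&a, ok, strlen(ok)));
    printf("too-long input: %d\n",
           set_name_checked(&a, too_long, strlen(too_long)));
    printf("name=%s flags=%d\n", a.name, a.flags);
    return 0;
}
```

Rejecting the oversized input, rather than silently truncating it, keeps both the buffer and the adjacent field in a known state.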
Incorrect Answers:
B: Code readability is a function of the integrated development environment (IDE) and the use of
indentation and formatting. It is not a function of input validation.
C: Application configuration baselining is the process of tuning the settings of an application to ensure it
operates at its optimal value while providing security and vulnerability protection.
D: Gray box testing is a form of penetration testing for software where the tester approaches the
software from a user perspective, analyzing inputs and outputs. Testers do have access to the source
code, which they use to design their tests, but they do not analyze the inner workings of the application
during their testing.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 219, 338
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 197, 222

