A: You must ensure that ALL input data is properly verified and that only the specific data requested is passed to the web application. For example, if the user is asked for a ZIP code, accept only the digits 0-9 and perhaps a dash. Check each input field for the proper length and format. Don't forget input areas such as search fields, "Contact Us" forms, etc.
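One way to apply this server-side, as an added example that is not part of the original answer: an allow-list validator that checks length and format per field and forwards only the fields it knows. The field names, length limits and patterns are assumptions chosen for illustration, and every field is treated as required to keep the example short.

```python
import re

# Hypothetical per-field rules: a hard length cap plus an allow-list pattern.
# Field names and limits are assumptions for illustration.
FIELD_RULES = {
    # US ZIP or ZIP+4: digits 0-9 and an optional dash, as the answer describes.
    "zip": {"max_len": 10, "pattern": re.compile(r"[0-9]{5}(?:-[0-9]{4})?")},
    # Search box: letters, digits, spaces and a few punctuation marks only.
    "search": {"max_len": 64, "pattern": re.compile(r"[A-Za-z0-9 .,'-]+")},
    # "Contact Us" e-mail field: deliberately strict, ASCII-only shape check.
    "email": {"max_len": 254, "pattern": re.compile(
        r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")},
}


def validate_form(form):
    """Return (clean, errors); only fields named in FIELD_RULES reach clean."""
    clean, errors = {}, {}
    # Anything the form was not asked for is reported, never passed on.
    for name in form:
        if name not in FIELD_RULES:
            errors[name] = "unexpected field"
    for name, rule in FIELD_RULES.items():
        value = form.get(name)
        if not isinstance(value, str):
            errors[name] = "missing or not a string"
        elif len(value) > rule["max_len"]:
            errors[name] = "too long"
        # fullmatch() must consume the whole value; match() with "$" would
        # accept a trailing newline such as "12345\n".
        elif not rule["pattern"].fullmatch(value):
            errors[name] = "bad format"
        else:
            clean[name] = value
    return clean, errors


if __name__ == "__main__":
    # Constructed sample submissions.
    samples = [
        {"zip": "12345-6789", "search": "blue widgets", "email": "a.user@example.com"},
        {"zip": "12345\n", "search": "50% off <b>", "email": "a.user@example.com",
         "debug": "1"},
    ]
    for sample in samples:
        print(validate_form(sample))
```

Validation of this kind decides what is accepted; output encoding and parameterized queries are still needed wherever the accepted values are later used.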