Content, Information and Security

Words: Sanitising Input

By - Editing
06.07.22 03:17 PM

Of all the terms in cybersecurity, I think this one is the most difficult to work out with no prior knowledge.

To sanitise. We’re familiar with the idea. To make clean. But what does that mean in a security context?

We’ve all seen form-fill boxes on Internet sites before. What we don’t usually see is how they work. Behind the scenes, code runs it all, takes the information you put into the box and processes it into databases or spreadsheets, or runs other functions with it.

But what happens if you put something unexpected into the box? Is there a possibility that when the code processes the unexpected content, it will run as more code instead?

This is where sanitisation comes into play. By running conversions on your text box before running content, for example by changing all symbols into universally recognised values (e.g. UTC), attempts to break out of boxes are foiled.

So, in the end, sanitising (cleaning) the input means that wherever it winds up, it will be pure content, and not malicious code breaking your system instead.

This is the first post in a series to explain cybersecurity terms for people with no background in cybersecurity or IT.