
Filter bypass

From NetSec

Filter evasion is the process of crafting payloads or strings that bypass improper, partial, or incomplete sanitizing methods applied to user input for security purposes. Filters may sit at the software, service, or network layer, so a variety of techniques exist both for IDS evasion and for evading the input filters that applications put in place.

Many other bypasses are possible; input whitelisting, rather than character removal or blacklisting, is therefore the best alternative to being vulnerable to filter evasion.
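The contrast between removal and whitelisting, as an added example that is not part of the original page: a single-pass removal filter is run beside an allowlist validator over the same constructed inputs. The denylist contents, the username field, and all function names are assumptions made for illustration.

```python
import re

# Hypothetical denylist for this example: tokens the filter tries to delete.
DENYLIST = ("script",)

# Hypothetical allowlist: everything a username may legitimately contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def strip_denylisted(value: str) -> str:
    """Removal filter: delete each denylisted token in one case-sensitive pass."""
    for token in DENYLIST:
        value = value.replace(token, "")
    return value


def validate_username(value: str) -> str:
    """Allowlist check: accept the whole value unchanged or reject it; never repair."""
    if not isinstance(value, str) or USERNAME_RE.fullmatch(value) is None:
        raise ValueError("value contains characters outside the allowlist")
    return value


def compare(samples):
    """Return (input, removal_output, tokens_still_present, allowlist_accepts)."""
    rows = []
    for sample in samples:
        stripped = strip_denylisted(sample)
        # A token "survives" if it is present after filtering, in any case.
        survived = [t for t in DENYLIST if t in stripped.lower()]
        try:
            validate_username(sample)
            accepted = True
        except ValueError:
            accepted = False
        rows.append((sample, stripped, survived, accepted))
    return rows


# Constructed sample inputs: one legitimate value, one where removal
# reassembles the blocked token, one that differs from it only in case,
# and one containing characters the field never needs.
SAMPLES = ["alice_01", "scrscriptipt", "SCRIPT", "bob smith!"]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The removal filter hands back a modified string that still contains the token it was meant to delete, while the allowlist never tries to repair input: a value is either entirely within the permitted set or it is refused.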