From the course: Secure Coding in Go


Overview of input processing

- [Narrator] A typical flow for a service handler is: get a chunk of bytes as input, unmarshal these bytes into a data structure, and then work with the data. You cannot trust the data that your service is getting, and bad actors know how to exploit every step in this flow. For example, an attacker can send 10 to 100 gigabytes of data; if you try to read this data into memory, your application will crash. This crash will cause your application to stop responding and make your users unhappy and possibly leave you. Some serialization protocols have vulnerabilities as well. This XML will expand to about three gigabytes in memory, and you can get 42 kilobytes of zip file that will expand to about 4.5 petabytes of data. And even passing a floating point number to cause Java to hang. When the pack came out, I wrote to the company that uses Tomcat Java service. Attackers started sending us this value in the HTTP Accept-Language header,…
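The bytes, unmarshal, work flow described above, with the read bounded so an oversized body is rejected instead of being loaded into memory. This is an added example, not code from the course; the `Order` type, the `/orders` path, the 1 MiB limit and the quantity range are assumptions chosen for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBody = 1 << 20 // assumed limit (1 MiB); size it to your largest legitimate request
// Order is a hypothetical payload type for this example.
type Order struct {
	Item     string `json:"item"`
	Quantity int    `json:"quantity"`
}

// orderHandler caps how much of the body can be read before unmarshalling it.
func orderHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBody)
	dec := json.NewDecoder(r.Body)
	dec.DisallowUnknownFields() // reject fields the struct does not declare
	var o Order
	var tooBig *http.MaxBytesError
	switch err := dec.Decode(&o); {
	case errors.As(err, &tooBig):
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "malformed JSON", http.StatusBadRequest)
	case o.Item == "" || o.Quantity < 1 || o.Quantity > 100: // assumed business rule
		http.Error(w, "invalid order", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "ok: %d x %s\n", o.Quantity, o.Item)
	}
}

// post sends a constructed body through the handler and returns the status code.
func post(body string) int {
	rec := httptest.NewRecorder()
	orderHandler(rec, httptest.NewRequest(http.MethodPost, "/orders", strings.NewReader(body)))
	return rec.Code
}

func main() {
	fmt.Println(post(`{"item":"book","quantity":2}`))
	fmt.Println(post(`{"item":"` + strings.Repeat("A", 2*maxBody) + `","quantity":1}`))
}
```

`http.MaxBytesError` requires Go 1.19 or later.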
