Message Screening (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)
How can a service be protected from malformed or malicious input?
An attacker can transmit messages with malicious or malformed content to a service, resulting in undesirable behavior.
The service is equipped or supplemented with special screening routines that assume that all input data is harmful until proven otherwise.
When a service receives a message, it makes a number of checks to screen message content for harmful data.
Extra runtime processing is required with each message exchange, and the screening logic requires additional, specialized routines to process binary message content, such as attachments. It may also not be possible to check for all possible forms of harmful content.
PrinciplesStandardized Service Contract
Because the service logic is equipped with extra message screening routines, malicious or malformed data can still be detected and rejected before it has a chance to do harm.