Unicode: The hero or villain? - Paweł Krawczyk
OWASP AppSec EU 2018 Developer Track - Day 1, talk 1
Full Title: Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications
"The most difficult fields to validate are so-called free text fields," goes the most frequent stereotype of web application input validation, and the problem becomes even more complicated when the free text contains multi-language Unicode. Unicode is indeed complicated and tricky to get right on the first try, but for application defenders it is actually a great tool for getting input validation right. This talk will clear up misconceptions about Unicode input validation, explain what Unicode normalization, canonicalization and character classes are, and show how these can be used to make your input validation bulletproof rather than cause headaches.
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...