It is logical to assume that incorrect data that cannot satisfy certain user requests can (and should) cause some kind of software malfunction. But what does this mean more extensively?

For example, some part of software gets an exception when converting a line to a valid number in the case when the line initially contains an invalid format. Naturally, if this exception is not detected and processed in time, this whole situation will lead to abnormal program termination.

But in most cases, it is in the highest degree improbable. Most likely, at some stage, a special eavesdropper will work, which will either give the user information about the defect or make an entry in the log, after which the software will automatically recover from a system failure and continue its operation. In other words, [highlight dark=”no”]if the validation fails, most likely nothing critical will happen.[/highlight]

But still, there can be some incorrect results of the lack of validation. Further, we will analyze them in more detail.

1. There’s No Way to Restore the Software Performance After the Failure.

Not every time an application can reverse everything. Maybe, in the course of the process, the software will be able to perform some actions that cannot be reversed (delete a certain file, send information via a network, print something on a printer connected to the local PC, and so on). But even if the recovery process is possible, the actions applied to restore the system may also contain bugs, and from time to time this will lead to some negative processes.

2. The Additional Load on the Software.

The recovery process after a failure is an additional waste of time. All activity performed before the crash process is also redundant. As a result, we get a good additional load on the system, which basically can be bypassed if the information is tested in advance. But, on the other hand, verification (validation) is also an auxiliary load, and the recovery process needs to be done rarely and tested every time, so it’s not entirely clear which is more profitable.

3. Injections Do Not Affect Crashes.

The basic way to exploit web vulnerabilities in software is to take advantage of connected validators. That is, to report information that will be correct for the validator, but, with all this, they are interpreted in a completely incomprehensible way. As a result, any hypothetical hacker can gain unauthorized access to some software functions or can break the structure of information or the entire web product. If there is no validation at all, the task of hackers is reduced to the simplest manipulations.

4. Difficulties in Comparing the Causes of Emerging Problems.

If the some exception has appeared somewhere in the application, it is extremely difficult to find the reasons for its occurrence. And even if this happens, it will most likely be very difficult to prove to the user that this failure is related to the data that he/she entered some time ago in a completely different place. And if the verification occurs immediately after entering the information, there will be easy to identify the cause of the defect!

Short Conclusion

In simple terms, the complete lack of validation can lead to the problems mentioned above. So, only the validation will make it possible to prevent critical failures, which are highly undesirable when using any software.