This purpose of this chapter is to study unexpected input, how it is dangerous, techniques to eradicate vulnerabilities, and tools used to handle unexpected data. To interact with a user, an application must accept user-supplied data. It could be in a simple form or a complex stream. In either case, the user may submit data the application was not expecting. The result could be nil, or it could modify the intended response of the application. It could lead to the application providing information to users that they would not normally be able to get, or it could interfere with the application or underlying system. Three classes of attack can result from unexpected data: buffer overflow, system functions, and logic alteration. There is o concrete distinction between attacks and particular attacks may fall into multiple classes. The actual format of the unexpected data varies; an unexpected data attack could be as simple as supplying a normal value that modifies the application's intended logical execution. This format usually requires very little technical prowess. There are attacks that succeed due to the inclusion of special meta-characters that have alternate meaning to the application, or the system supporting it.