Typosquatting

Typosquatting happens when a user mistypes an input (e.g. a URL, an email address, or a dependency package name) and does not visually verify that it is correct. As a result, the user is directed to an adversary-controlled destination or pulls a malicious dependency into their code. Typosquatting takes many forms, and a program should prevent it or warn the user.

Remediation:

  • *Input Validation Strategy*: Assume all input is malicious and use an *"accept known good"* input validation strategy. Reject any input that does not conform to specifications.
  • When performing input validation, consider all potentially relevant properties, including length, type, range of acceptable values, missing or extra inputs, syntax, etc.
  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (link:https://cwe.mitre.org/data/definitions/180.html[CWE-180])
  • Make sure that the application does not decode the same input twice (link:https://cwe.mitre.org/data/definitions/174.html[CWE-174]). Such errors could be used to bypass allow list validation schemes by introducing dangerous inputs after they have been checked.
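The canonicalize-then-validate order described above, as an added example that is not part of the original page: the input is decoded exactly once, NFKC-normalized and lower-cased, then checked against a constructed allow list; anything still non-ASCII after normalization is rejected as a possible homoglyph, and an ASCII near-miss of an allow-listed host is rejected with a suggestion so the user can be warned. `ALLOWED_HOSTS`, `validate_host` and the sample inputs are assumptions constructed for this example.

```python
import unicodedata
from urllib.parse import unquote

# Constructed allow list: the only hosts this application may talk to.
ALLOWED_HOSTS = {"example.com", "mail.example.com"}
TYPO_DISTANCE = 2  # edits within which an unknown host is treated as a likely typo


def canonicalize_host(raw: str) -> str:
    """Decode once, then normalize to the form the allow list is written in."""
    decoded = unquote(raw)  # single decode step; the result is never decoded again (CWE-174)
    # NFKC folds compatibility forms such as fullwidth letters to their ASCII equivalents,
    # so validation sees the same representation the application will use (CWE-180).
    # Production code would apply full IDNA/UTS #46 processing here; NFKC keeps the example short.
    return unicodedata.normalize("NFKC", decoded).strip().rstrip(".").lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def validate_host(raw: str) -> dict:
    """Accept only allow-listed hosts; explain every rejection so the user can be warned."""
    host = canonicalize_host(raw)
    if host in ALLOWED_HOSTS:
        return {"accepted": True, "host": host, "reason": "allow-listed"}
    if not host.isascii():
        # Characters that survived NFKC (e.g. Cyrillic letters) may be homoglyphs of
        # Latin ones that a user cannot tell apart on screen (CWE-176 / CWE-1007).
        return {"accepted": False, "host": host, "reason": "non-ascii-after-nfkc"}
    nearest = min(ALLOWED_HOSTS, key=lambda h: levenshtein(host, h))
    if levenshtein(host, nearest) <= TYPO_DISTANCE:
        return {"accepted": False, "host": host, "reason": "possible-typo", "suggestion": nearest}
    return {"accepted": False, "host": host, "reason": "not-allow-listed"}


if __name__ == "__main__":
    # Constructed inputs: plain, percent-encoded once, fullwidth 'e', Cyrillic 'a', digit-for-letter typo.
    for sample in ["example.com", "%65xample.com", "\uff45xample.com", "ex\u0430mple.com", "examp1e.com"]:
        print(repr(sample), "->", validate_host(sample))
```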

Metadata

  • Severity: medium
  • Slug: typosquatting

CWEs

  • 176: Improper Handling of Unicode Encoding
  • 1007: Insufficient Visual Distinction of Homoglyphs Presented to User