ASP.NET Misconfiguration: Not Using Input Validation Framework

Draft Variant
Structure: Simple
Description

The ASP.NET application does not use an input validation framework.

Common Consequences 1
Scope: Integrity

Impact: Unexpected State

Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.

Potential Mitigations 1
Phase: Architecture and Design
Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:
  • Phone number fields contain only valid characters in phone numbers
  • Boolean values are only "T" or "F"
  • Free-form strings are of a reasonable length and composition
Applicable Platforms
Languages:
ASP.NET : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Taxonomy Mapping
  • Software Fault Patterns