ASP.NET Misconfiguration: Not Using Input Validation Framework |
Weakness ID: 554 (Weakness Variant) | Status: Draft |
Description Summary
The ASP.NET application does not use an input validation framework.
Extended Description
Unchecked input is the leading cause of vulnerabilities in ASP.NET applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.
Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that: - Phone number fields contain only valid characters in phone numbers - Boolean values are only "T" or "F" - Free-form strings are of a reasonable length and composition |
Nature | Type | ID | Name | View(s) this relationship pertains to![]() |
---|---|---|---|---|
ChildOf | ![]() | 10 | ASP.NET Environment Issues | Development Concepts699 |
ChildOf | ![]() | 20 | Improper Input Validation | Development Concepts (primary)699 Research Concepts (primary)1000 |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
Anonymous Tool Vendor (under NDA) | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Description, Relationships, Other Notes, Taxonomy Mappings, Type | ||||
2009-07-27 | CWE Content Team | MITRE | Internal | |
updated Other Notes | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | ASP.NET Misconfiguration: Input Validation | |||