ASP.NET Misconfiguration: Not Using Input Validation Framework
Weakness ID: 554 (Weakness Variant)Status: Draft
+ Description

Description Summary

The ASP.NET application does not use an input validation framework.

Extended Description

Unchecked input is the leading cause of vulnerabilities in ASP.NET applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Potential Mitigations

Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that: - Phone number fields contain only valid characters in phone numbers - Boolean values are only "T" or "F" - Free-form strings are of a reasonable length and composition

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory10ASP.NET Environment Issues
Development Concepts699
ChildOfWeakness ClassWeakness Class20Improper Input Validation
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Submission DateSubmitterOrganizationSource
Anonymous Tool Vendor (under NDA)Externally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Other Notes, Taxonomy Mappings, Type
2009-07-27CWE Content TeamMITREInternal
updated Other Notes
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11ASP.NET Misconfiguration: Input Validation