The ASP.NET application does not use an input validation framework.
Extended Description
N/A
ThreatScore
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
Observed Examples (CVEs)
No observed examples available.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase
Note
Architecture and Design
N/A
Implementation
N/A
Common Consequences
Impact: Unexpected State — Notes: Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.
Potential Mitigations
Architecture and Design: Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that: Phone number fields contain only valid characters in phone numbers Boolean values are only "T" or "F" Free-form strings are of a reasonable length and composition (N/A)