Sample form

From OWASP




Review/Engagement reference:

Package/Component/Class Name

| Finding description | Location(s) | Severity | Recommendation |
|---|---|---|---|
| No input validation of the HTTPRequest object.getID() function. Lack of input validation may make the application vulnerable to many types of injection. | com.inc.dostuff.java: lines 20, 55, 106; com.inc.main.java: lines 34, 99 | Critical | Required □ Recommended □ Informational □ It is critical that this be addressed prior to deployment to production. |