OWASP Periodic Table of Vulnerabilities - Insufficient Process Validation

From OWASP
Revision as of 20:06, 17 June 2013 by James Landis (talk | contribs) (Created page with "Return to Periodic Table Working View == Insufficient Process Validation == === Root Cause Summ...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Return to Periodic Table Working View

Insufficient Process Validation

Root Cause Summary

The application fails to enforce business process rules, such as ordering of multi-step form submission or conditions on asynchronous transactions.

Browser / Standards Solution

N/A

Perimeter Solution

N/A

Generic Framework Solution

The generic framework should provide built-in support for multi-step forms which automatically checks for correct client state, including unexpected use of the "back" button, multiple submissions of the same form, and out-of-order access of form steps. The framework should expose configuration-based rules about how to handle each error condition.

Custom Framework Solution

N/A

Custom Code Solution

Developers must remember to explicitly enforce all business and process rules for every transaction, including every individual step of a multi-step transaction.

Discussion / Controversy

References

Insufficent Process Validation (WASC)

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_Insufficient_Process_Validation&oldid=154009"