
OWASP Periodic Table of Vulnerabilities - Insufficient Process Validation



Insufficient Process Validation

Root Cause Summary

The application fails to enforce business process rules, such as ordering of multi-step form submission or conditions on asynchronous transactions.

Browser / Standards Solution


Perimeter Solution


Generic Framework Solution

The generic framework should provide built-in support for multi-step forms which automatically checks for correct client state, including unexpected use of the "back" button, multiple submissions of the same form, and out-of-order access of form steps. The framework should expose configuration-based rules about how to handle each error condition.

Custom Framework Solution


Custom Code Solution

Developers must remember to explicitly enforce all business and process rules for every transaction, including every individual step of a multi-step transaction.
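
The checks named under Generic Framework Solution and Custom Code Solution can be sketched as a server-side guard kept in the user's session. This is an added example, not code from OWASP or any framework; the class name, step names and policy keys are assumptions chosen for illustration.

```python
import hmac
import secrets

STEPS = ["cart", "shipping", "payment", "confirm"]  # hypothetical checkout flow

# Per-condition handling rules kept as configuration (key names are assumptions).
POLICY = {"out_of_order": "restart", "duplicate": "ignore", "bad_token": "reject"}


class ProcessGuard:
    """Server-side state for one user's multi-step transaction."""

    def __init__(self, steps=STEPS, policy=POLICY):
        self.steps, self.policy = steps, policy
        self.restart()

    def restart(self):
        self.position = 0   # index of the only step allowed next
        self.used = set()   # tokens already consumed (resubmission / "back" button)
        self.token = secrets.token_urlsafe(16)
        return self.token

    def submit(self, step, token):
        """Return (outcome, next_token); run the step's logic only on 'accepted'."""
        if token in self.used:
            return self._violation("duplicate")
        if not hmac.compare_digest(token.encode(), self.token.encode()):
            return self._violation("bad_token")
        if self.complete or step != self.steps[self.position]:
            return self._violation("out_of_order")
        self.used.add(token)
        self.position += 1
        self.token = secrets.token_urlsafe(16)  # fresh token for the next form
        return "accepted", self.token

    def _violation(self, kind):
        action = self.policy[kind]
        if action == "restart":
            self.restart()
        return f"{kind}:{action}", self.token

    @property
    def complete(self):
        return self.position == len(self.steps)
```

The guard must live in server-side session state; the client only ever holds the current one-time token embedded in the rendered form.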

Discussion / Controversy


Insufficient Process Validation (WASC)