CWE-554
ASP.NET Misconfiguration: Not Using Input Validation Framework
Description
The ASP.NET application does not use an input validation framework.
Consequences
Integrity
—
Unexpected State
Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.
Mitigations
Phase: Architecture and Design
Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that: Phone number fields contain only valid characters in phone numbers Boolean values are only "T" or "F" Free-form strings are of a reasonable length and composition