OWASP Periodic Table of Vulnerabilities - Insufficient Process Validation

Insufficient Process Validation

Root Cause Summary

The application fails to enforce business process rules, such as ordering of multi-step form submission or conditions on asynchronous transactions.

Browser / Standards Solution

N/A

Perimeter Solution

N/A

Generic Framework Solution

The generic framework should provide built-in support for multi-step forms that automatically checks for correct client state, including unexpected use of the "back" button, multiple submissions of the same form, and out-of-order access to form steps. The framework should expose configuration-based rules for how each error condition is handled.

Custom Framework Solution

N/A

Custom Code Solution

Developers must remember to explicitly enforce all business and process rules for every transaction, including every individual step of a multi-step transaction.
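
The checks described under Generic Framework Solution and Custom Code Solution, as an added example that is not part of the original page: state held on the server decides whether each step submission is accepted, replayed, out of order or forged. The step names, the POLICY table and the Wizard class are assumptions made for illustration.

```python
import secrets

STEPS = ["cart", "shipping", "payment", "confirm"]   # constructed example flow
# Hypothetical per-condition policy, standing in for framework configuration.
POLICY = {"replayed": "show_current_step", "out_of_order": "show_current_step",
          "unknown_token": "restart", "finished": "reject"}

class Wizard:
    """Server-side state for one user's multi-step transaction (kept in the session)."""

    def __init__(self):
        self.reset()

    def reset(self):
        self.position = 0                        # index of the only step allowed next
        self.spent = set()                       # tokens already consumed
        self.token = secrets.token_urlsafe(16)   # embedded in the form currently served

    def classify(self, step, token):
        """Return None if the submission is valid, else the rule it violates."""
        if self.position >= len(STEPS):
            return "finished"                    # transaction already completed
        if token in self.spent:
            return "replayed"                    # double submit or "back" button resubmit
        if not secrets.compare_digest(token.encode(), self.token.encode()):
            return "unknown_token"               # token this session never issued
        if step != STEPS[self.position]:
            return "out_of_order"                # e.g. jumping straight to "confirm"
        return None

    def submit(self, step, token):
        """Process one form POST; returns (action, token for the next form served)."""
        problem = self.classify(step, token)
        if problem:
            action = POLICY[problem]
            if action == "restart":
                self.reset()
            return action, self.token
        self.spent.add(token)                    # each token is valid exactly once
        self.position += 1
        self.token = secrets.token_urlsafe(16)
        return "accepted", self.token
```

The client never supplies the current position; it only echoes the token, so every rule is evaluated against state the user cannot edit.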

Discussion / Controversy

References

Insufficient Process Validation (WASC)