OWASP Periodic Table of Vulnerabilities - Insufficient Process Validation
Insufficient Process Validation
Root Cause Summary
The application fails to enforce business process rules, such as the ordering of steps in a multi-step form submission or the conditions on asynchronous transactions.
Browser / Standards Solution
Generic Framework Solution
The generic framework should provide built-in support for multi-step forms which automatically checks for correct client state, including unexpected use of the "back" button, multiple submissions of the same form, and out-of-order access of form steps. The framework should expose configuration-based rules about how to handle each error condition.
Custom Framework Solution
Custom Code Solution
Developers must remember to explicitly enforce all business and process rules for every transaction, including every individual step of a multi-step transaction.
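The checks named in the two solutions above (out-of-order access, duplicate submission, "back" button use) can be enforced from server-side state, as in this added example, which is not part of the original OWASP page. The Workflow class, its method names and the rewind-on-back policy are assumptions made for illustration; a real application would keep one such object in the user's session.

```python
import hmac
import secrets

class ProcessError(Exception):
    """A request violated the workflow's ordering or replay rules."""

class Workflow:
    """Server-side state for one user's multi-step transaction (hypothetical)."""

    def __init__(self, steps):
        self.steps = list(steps)
        self.pos = 0        # index of the only step that may be submitted next
        self.token = None   # one-time token bound to the form last rendered
        self.data = {}

    def _index(self, step):
        if step not in self.steps:
            raise ProcessError(f"unknown step {step!r}")
        return self.steps.index(step)

    def open(self, step):
        """Render a step's form and return its one-time token."""
        idx = self._index(step)
        if self.pos >= len(self.steps):
            raise ProcessError("transaction already completed")
        if idx > self.pos:
            raise ProcessError(f"out-of-order access to {step!r}")
        if idx < self.pos:
            # "Back" button policy chosen for this example: rewind and discard
            # data from this step onward, so later steps must be redone.
            for later in self.steps[idx:]:
                self.data.pop(later, None)
            self.pos = idx
        self.token = secrets.token_urlsafe(16)
        return self.token

    def submit(self, step, token, fields):
        """Accept a post only for the current step, with its live token."""
        idx = self._index(step)
        if self.pos >= len(self.steps) or idx < self.pos:
            raise ProcessError(f"duplicate or stale submission of {step!r}")
        if idx > self.pos:
            raise ProcessError(f"out-of-order submission of {step!r}")
        sent = str(token).encode()
        if self.token is None or not hmac.compare_digest(self.token.encode(), sent):
            raise ProcessError("missing or reused form token")
        self.token = None   # consume the token: a replay of this post fails
        self.data[step] = dict(fields)
        self.pos += 1
        return self.pos == len(self.steps)   # True once the final step is done
```

Every decision is made from state held on the server; the client's claim about which step it is on is only ever compared against that state, never trusted.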