OWASP Periodic Table of Vulnerabilities - Insufficient Process Validation


Insufficient Process Validation

Root Cause Summary

The application fails to enforce business process rules, such as ordering of multi-step form submission or conditions on asynchronous transactions.

Browser / Standards Solution


Perimeter Solution


Generic Framework Solution

The generic framework should provide built-in support for multi-step forms which automatically checks for correct client state, including unexpected use of the "back" button, multiple submissions of the same form, and out-of-order access of form steps. The framework should expose configuration-based rules about how to handle each error condition.

Custom Framework Solution


Custom Code Solution

Developers must remember to explicitly enforce all business and process rules for every transaction, including every individual step of a multi-step transaction.
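The checks described under Generic Framework Solution and Custom Code Solution, as an added example that is not part of the original page or of any OWASP code: a server-side step tracker with single-use form tokens. The step names, the `POLICY` table and all function names are assumptions made for illustration.

```python
import hmac
import secrets

STEPS = ["cart", "shipping", "payment", "confirm"]  # hypothetical flow
# Configuration-based handling per error condition (assumed names).
POLICY = {"out_of_order": "restart", "back": "reject", "replayed": "reject"}


def begin(session):
    """Start or restart the flow; all state is kept server-side."""
    session.update(next=0, used=set(), token=secrets.token_urlsafe(16))
    return session["token"]


def classify(session, step, token):
    """Return None for a valid submission, else the rule it violates."""
    if token in session["used"]:
        return "replayed"      # double submit, or cached form via "back"
    live = hmac.compare_digest(token.encode(), session["token"].encode())
    if not live or step not in STEPS:
        return "out_of_order"  # forged/stale token or unknown step
    idx = STEPS.index(step)
    if idx > session["next"]:
        return "out_of_order"  # skipped ahead
    if idx < session["next"]:
        return "back"          # earlier step resubmitted with a live token
    return None


def submit(session, step, token):
    """Check one step; return (outcome, token to embed in the next form)."""
    error = classify(session, step, token)
    if error is not None:
        if POLICY[error] == "restart":
            return error, begin(session)
        return error, session["token"]  # reject: state is left unchanged
    session["used"].add(token)          # token is single-use
    session["next"] += 1
    session["token"] = secrets.token_urlsafe(16)
    return "ok", session["token"]
```

The business action for a step should run only when `submit` returns `"ok"`; every other outcome is handled according to the configured policy.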

Discussion / Controversy


Insufficient Process Validation (WASC)