CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Framework
The ASP.NET application does not use an input validation framework.
Last updated
Overview
CWE-554 (ASP.NET Misconfiguration: Not Using Input Validation Framework) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-554 is exploited.
Unexpected State
Affects: Integrity
Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to prevent it
Practical mitigations for CWE-554, grouped by where in the lifecycle they apply.