Variant · Low-Medium

CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Framework

Description

The ASP.NET application does not use an input validation framework.

Potential Impact

Integrity

Unexpected State

Mitigations & Prevention

Architecture and Design

Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:
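As an added illustration (not part of the CWE entry or any project's code), the sketch below declares input rules with `System.ComponentModel.DataAnnotations`, the attribute set that ASP.NET MVC model binding evaluates into `ModelState.IsValid`, and rejects input before it is processed. The `ContactForm` model, its fields, the phone pattern and the `InputGate` helper are hypothetical; the attributes are run through `Validator` directly so the program works as a stand-alone console app.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

// Hypothetical input model; the class, fields and limits are assumptions for illustration.
public class ContactForm
{
    [Required, StringLength(64, MinimumLength = 1)]
    public string Name { get; set; }

    [Required, RegularExpression(@"^\+?[0-9 ()\-]{7,20}$")]
    public string Phone { get; set; }

    [Range(1, 100)]
    public int Quantity { get; set; }
}

public static class InputGate
{
    // Returns true only when every declared rule passes; errors lists each failure.
    public static bool TryValidate(object model, out List<ValidationResult> errors)
    {
        errors = new List<ValidationResult>();
        var ctx = new ValidationContext(model);
        // validateAllProperties must be true; with false only [Required] is checked.
        return Validator.TryValidateObject(model, ctx, errors, validateAllProperties: true);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs: one well-formed, one violating every rule.
        var inputs = new[]
        {
            new ContactForm { Name = "Ada", Phone = "+44 20 7946 0000", Quantity = 3 },
            new ContactForm { Name = "", Phone = "not-a-number", Quantity = 5000 },
        };
        foreach (var form in inputs)
        {
            if (InputGate.TryValidate(form, out var errors))
                Console.WriteLine("accepted: " + form.Name);
            else
                foreach (var e in errors)   // reject before any further processing
                    Console.WriteLine("rejected: " + e.ErrorMessage);
        }
    }
}
```

In an MVC controller action the equivalent gate is an early return when `ModelState.IsValid` is false, so unvalidated values never reach business logic.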

Taxonomy Mappings

  • Software Fault Patterns: SFP24 — Tainted input to command

Frequently Asked Questions

What is CWE-554?

CWE-554 (ASP.NET Misconfiguration: Not Using Input Validation Framework) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The ASP.NET application does not use an input validation framework.

How can CWE-554 be exploited?

Attackers can exploit CWE-554 (ASP.NET Misconfiguration: Not Using Input Validation Framework) to cause an unexpected state. This weakness is typically introduced during the Architecture and Design or Implementation phases of software development.

How do I prevent CWE-554?

Key mitigations include: Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:

What is the severity of CWE-554?

CWE-554 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.