Lack of input validation

Hi Colleagues

I just working on a project that has a few data validation. It just reported like three fields, and these fields save the data, the rest of the fields of the project are just for query data and reports.So I just being asked to search for these kind of inputs.

So given these rules,and seeing that the project have so many findings. What I should do ? I have some finding awaiting, but it’s a little bit tricky to report something that the project lacks.

If there are no more inputs that store data, there is nothing you can really do about it. I understand that finding new vulnerabilities in projects that already have many is sometimes hard, but that’s the challenge.

For input validation, you could explore all related things regarding encoding:

1 Like