Should be in the OWASP Testing Guide, under Data Validation Testing or Client Side Testing
Reporting
CVSS Score v3 | Variable |
CVSS Vector v3 | Example: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N&version=3.1 |
English
Title | Client-side input validation bypassed |
Description | Input validation is performed on the client side using JavaScript, and can be bypassed by calling the API directly. |
Steps to reproduce | Depends on the validation. Include screenshots. |
Remediation | It is recommended to validate every user input on the server side, in the APIs or back end that receive it. NEVER TRUST USER INPUTS. The difficulty of fixing this vulnerability is assessed as “Simple”. |
CVSS Score v3 | 0 (Info) |
CVSS Vector v3 | N/A |
English
Title | Insufficient input validation |
Description | |
Steps to reproduce | To complete. Include screenshots. |
Remediation | It is recommended to… The difficulty of fixing this vulnerability is assessed as “Very complex, Complex, Moderate, Simple”. |
French (translated to English)
Title | Input validation |
Description | The web application's backend expects certain values for its inputs (parameters) and behaves abnormally when different inputs are used (e.g. HTTP 500 Internal Server Error). |
Steps to reproduce | To complete. Include screenshots. |
Remediation | It is recommended to validate all inputs thoroughly. Even when the user interface does not allow certain values to be used, always assume that the values can be modified when the request is sent to the server. The difficulty of the fix is assessed as “Moderate”. |
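
An added example, not part of the original templates, that can accompany the remediation text of the findings above: a server-side allowlist check that rejects values the user interface would never send and answers with HTTP 400 instead of an unhandled HTTP 500. The endpoint, schema and field names are hypothetical, and the sample requests are constructed.

```javascript
// Hypothetical schema for a hypothetical profile-update API (assumption, not from the page).
const PROFILE_SCHEMA = {
  displayName: { type: "string", required: true, maxLength: 40, pattern: /^[\p{L}\p{N} .'-]+$/u },
  age: { type: "number", required: true, integer: true, min: 13, max: 120 },
  plan: { type: "string", required: false, oneOf: ["free", "pro"] },
};

// Allowlist validation of an already-parsed body; returns a list of field errors.
function validateBody(schema, body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body: must be a JSON object"];
  }
  const errors = [];
  for (const key of Object.keys(body)) {
    // Fields the server does not know are rejected, not silently ignored.
    if (!Object.prototype.hasOwnProperty.call(schema, key)) errors.push(`${key}: unexpected field`);
  }
  for (const [key, rule] of Object.entries(schema)) {
    const v = body[key];
    if (v === undefined) {
      if (rule.required) errors.push(`${key}: required`);
    } else if (typeof v !== rule.type) {
      // Type check first: an array or object where a string is expected is a classic cause of 500s.
      errors.push(`${key}: must be a ${rule.type}`);
    } else if (rule.type === "string") {
      if (v.length === 0 || v.length > (rule.maxLength ?? Infinity)) errors.push(`${key}: bad length`);
      else if (rule.pattern && !rule.pattern.test(v)) errors.push(`${key}: invalid characters`);
      else if (rule.oneOf && !rule.oneOf.includes(v)) errors.push(`${key}: not an allowed value`);
    } else if (!Number.isFinite(v) || (rule.integer && !Number.isInteger(v))) {
      errors.push(`${key}: must be an integer`);
    } else if (v < rule.min || v > rule.max) {
      errors.push(`${key}: out of range`);
    }
  }
  return errors;
}

// Server-side handler: any failure caused by the input maps to 400, never to an unhandled 500.
function handleRequest(rawBody) {
  let body;
  try { body = JSON.parse(rawBody); } catch { return { status: 400, errors: ["body: malformed JSON"] }; }
  const errors = validateBody(PROFILE_SCHEMA, body);
  return { status: errors.length ? 400 : 200, errors };
}

// Constructed request bodies, as sent straight to the API without going through the form.
const SAMPLES = ['{"displayName":"Alice","age":30}', '{"displayName":"Alice","age":-1}',
  '{"displayName":["a"],"age":30}', '{"displayName":"Alice","age":30,"isAdmin":true}', '{"displayName":'];
for (const raw of SAMPLES) console.log(raw, "->", JSON.stringify(handleRequest(raw)));
```
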