Back to Tags
Input Validation
3 items tagged with "input-validation"
Filter by type:
Anti-Patterns3
Anti-Pattern
Missing Input Validation
Accepting and processing external input without checking its type, range, format, or size, opening the door to injection, corruption, and crashes.
Anti-Pattern
Trusting Client-Side Validation
Relying on browser or app-side checks as the security boundary, when any client can be bypassed and send arbitrary requests directly to the server.
Anti-Pattern
Mass Assignment
Binding incoming request data directly onto domain objects, letting attackers set fields like isAdmin or accountBalance that were never meant to be writable.