Skip to content
Catalogs
XCCDF
Application Server Security Requirements Guide
SRG-APP-000251
The application server must check the validity of all data inputs to the management interface, except those specifically identified by the organization.
The application server must check the validity of all data inputs to the management interface, except those specifically identified by the organization. An XCCDF Rule
The application server must check the validity of all data inputs to the management interface, except those specifically identified by the organization.
Medium Severity
<VulnDiscussion>Invalid user input occurs when a user inserts data or characters into an applications data entry field and the application is unprepared to process that data. This results in unanticipated application behavior potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application.
Application servers must ensure their management interfaces perform data input validation checks. Input validation consists of evaluating user input and ensuring that only allowed characters are utilized. An example is ensuring that the interfaces are not susceptible to SQL injection attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>