Skip to content
Catalogs
XCCDF
Application Server Security Requirements Guide
SRG-APP-000447
The application server must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
The application server must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. An XCCDF Rule
The application server must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
Medium Severity
<VulnDiscussion>Invalid user input occurs when a user inserts data or characters into an applications data entry field and the application is unprepared to process that data. This results in unanticipated application behavior potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application.
Application servers must ensure their management interfaces perform data input validation checks. When invalid data is entered, the application server must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. An example of a predictable behavior is trapping the data, logging the invalid data for forensic analysis if necessary, and continuing operation in a safe and secure manner.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>