The application server must check the validity of data inputs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35436	SRG-APP-000251-AS-000165	SV-46723r1_rule		Medium

Description
Invalid user input occurs when a user inserts data or characters into an applications data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. Application servers must ensure their management interfaces perform data input validation checks. Input validation consists of evaluating user input and ensuring that only allowed characters are utilized. An example is ensuring that the interfaces are not susceptible to SQL injection attacks.

Description

Invalid user input occurs when a user inserts data or characters into an applications data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. Application servers must ensure their management interfaces perform data input validation checks. Input validation consists of evaluating user input and ensuring that only allowed characters are utilized. An example is ensuring that the interfaces are not susceptible to SQL injection attacks.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43790r1_chk )
Review the AS configuration to determine if the system checks the validity of information inputs. If this function cannot be performed, this is a finding.

Fix Text (F-39980r1_fix)
Configure the AS to check the validity of information inputs.