#OASAM-DV: Data Validation
In this category, vulnerabilities related with input received from the user that ismanaged by the application will be included. Improper user data validation is one of the main attack vectors, due to the fact that it could allow an attacker to alter application’s data flow, injecting code and affecting in a serious manner the application and data stored in it. This category occupies the 4th place in the Mobile App Top 10 Risks entitled as “Client Side Injection”. Despite the origin of this type of vulnerability is the same, depending on the location of the interaction of data received from the user, different types of vulnerabilities with multiple impacts can take place.
The following controls are applied in this category:
OASAM-DV-001:Cross Site Scripting. HTML code injection.
OASAM-DV-002:Buffer Overflow. Buffer overflow.
OASAM-DV-003:SQL Injection. Command injection in databases.
OASAM-DV-004:Path Manipulation. Path injection in file access.
OASAM-DV-005:Dos Null Check in IPC. Null parameter checking.
OASAM-DV-006:Log Injection. Log injection.
OASAM-DV-007:Intent Injection. Injection Process Control via intent data.