Input and Output Architecture
V1.5.1
Verify that input and output requirements clearly define how to handle and process data based on type, content, and applicable laws, regulations, and other policy compliance.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 1029
V1.5.2
Verify that serialization is not used when communicating with untrusted clients. If this is not possible, ensure that adequate integrity controls (and possibly encryption if sensitive data is sent) are enforced to prevent deserialization attacks including object injection.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 502
V1.5.3
Verify that input validation is enforced on a trusted service layer. (C5)
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 602
V1.5.4
Verify that output encoding occurs close to or by the interpreter for which it is intended. (C4)
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 116
Disclaimer:
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or Github respository.. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.
