From c99e4d223bfd040579807f64cd63c07300b5119b Mon Sep 17 00:00:00 2001 From: wstgbot <62450690+wstgbot@users.noreply.github.com> Date: Thu, 24 Apr 2025 14:10:35 +0000 Subject: [PATCH] Publish Latest 2025-04-24 Updates based on OWASP/wstg@1971d26 --- .../01-Test_Business_Logic_Data_Validation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md b/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md index 86b9479..a9a8c8b 100644 --- a/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md +++ b/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md @@ -53,7 +53,7 @@ The bank account to which the payments were directed had only 1000 free transfer - Once found try to insert logically invalid data into the application/system. Specific Testing Method: - Perform frontend GUI Functional Valid testing on the application to ensure that the only "valid" values are accepted. -- Using an intercepting proxy observe the HTTP POST/GET looking for places that variables such as cost and quality are passed. Specifically, look for "hand-offs" between application/systems that may be possible injection or tamper points. +- Using an intercepting proxy observe the HTTP POST/GET looking for places that variables such as cost and quantity are passed. Specifically, look for "hand-offs" between application/systems that may be possible injection or tamper points. - Once variables are found start interrogating the field with logically "invalid" data, such as social security numbers or unique identifiers that do not exist or that do not fit the business logic. This testing verifies that the server functions properly and does not accept logically invalid data. ## Related Test Cases @@ -75,4 +75,4 @@ The application/system must ensure that only "logically valid" data is accepted ## References - [OWASP Proactive Controls (C5) - Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs) -- [OWASP Cheatsheet Series - Input_Validation_Cheat_Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html) +- [OWASP Cheat Sheet Series - Input_Validation_Cheat_Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)