ASVS Requirement 15.3.3
- Level: 2
- Chapter: V15 Secure Coding and Architecture
- Section: V15.3 Defensive Coding
- Source: 0x24-V15-Secure-Coding-and-Architecture.md
Description
Verify that the application has countermeasures to protect against mass assignment attacks by limiting allowed fields per controller and action, e.g., it is not possible to insert or update a field value when it was not intended to be part of that action.
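One way to meet this requirement, shown as an added example that is not part of the ASVS text: a per-controller, per-action allow-list applied when binding request data to a model, next to the unrestricted binding it replaces. The User model, the ALLOWED_FIELDS policy, the function names and the request body are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:  # hypothetical model; is_admin and email_verified are server-controlled
    username: str
    email: str
    display_name: str = ""
    is_admin: bool = False
    email_verified: bool = False

# Assumed policy: fields each (controller, action) pair may bind from client input.
ALLOWED_FIELDS = {
    ("users", "register"): {"username", "email", "display_name"},
    ("users", "update_profile"): {"email", "display_name"},
}

class UnexpectedFieldError(ValueError):
    """Request carried a field that this action does not accept."""

def bind_unsafe(user, payload):
    """Weak form: every client-supplied key is copied onto the model."""
    for key, value in payload.items():
        setattr(user, key, value)
    return user

def bind_allowed(user, controller, action, payload, strict=True):
    """Bind only the fields allowed for this controller and action."""
    allowed = ALLOWED_FIELDS.get((controller, action))
    if allowed is None:  # deny by default: no policy means no binding
        raise LookupError(f"no field policy for {controller}.{action}")
    extra = sorted(set(payload) - allowed)
    if extra and strict:  # reject, so unexpected fields surface in logs
        raise UnexpectedFieldError(f"{controller}.{action}: {extra}")
    for key in allowed & set(payload):  # non-strict: extras are dropped
        setattr(user, key, payload[key])
    return user

if __name__ == "__main__":
    # Constructed request body for users.update_profile
    body = {"display_name": "Mallory", "is_admin": True}
    print(bind_unsafe(User("mallory", "m@example.test"), dict(body)))
    print(bind_allowed(User("mallory", "m@example.test"), "users", "update_profile", body, strict=False))
    try:
        bind_allowed(User("mallory", "m@example.test"), "users", "update_profile", body)
    except UnexpectedFieldError as err:
        print("rejected:", err)
```

Strict mode rejects the whole request when an unexpected field appears; non-strict mode drops the extra fields and binds the rest.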