ASVS Requirement 15.3.7

• Level: 2
• Chapter: V15 Secure Coding and Architecture
• Section: V15.3 Defensive Coding
• Source: 0x24-V15-Secure-Coding-and-Architecture.md

Description

Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (query string, body parameters, cookies, or header fields).