ASVS Requirement 2.2.1

• Level: 1
• Chapter: V2 Validation and Business Logic
• Section: V2.2 Input Validation
• Source: 0x11-V2-Validation-and-Business-Logic.md

Description

Verify that input is validated to enforce business or functional expectations for that input. This should either use positive validation against an allow list of values, patterns, and ranges, or be based on comparing the input to an expected structure and logical limits according to predefined rules. For L1, this can focus on input which is used to make specific business or security decisions. For L2 and up, this should apply to all input.