Skip to content

Injection: Improper Input Validation Injection

Identifier: improper_input

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

Improper input validation injection happens when an application blindly accepts and processes user-supplied data without adequately checking it first. This oversight allows an attacker to insert harmful code—like malicious scripts—into the application, potentially tricking it into running that code. The risk here is that if such vulnerabilities are exploited, sensitive data could be stolen, sessions hijacked, or the app's behavior manipulated.

Developers often fall into pitfalls by not sanitizing inputs, assuming users won't provide harmful data, or misusing trusted functions, leaving the door open for attackers to misuse.

Configuration

Example

Example configuration:

---
security_tests:
  improper_input:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.