Security Test: Positive integer validation
Description
Default Severity:
When you fail to confirm that an input is a positive integer, you leave the door open for unexpected or malicious values (negative numbers, zero, or non-numeric strings) that can disrupt the program's behavior. This can lead to errors and data inconsistencies, or allow attackers to trigger more serious vulnerabilities such as SQL injection or buffer overflows. Developers often trip up when they assume inputs will automatically fall into the expected range instead of explicitly checking that a value is a positive integer; left unaddressed, that assumption can have risky consequences.
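The check the description calls for, as an added example that is not part of this page or of the scanner's own code: a strict Python parser that accepts only plain ints or decimal digit strings in the range 1..max_value, shown beside the naive int() conversion it replaces. The sample inputs are constructed, and DEFAULT_MAX is an assumed bound that a real field (page size, item count) would set for itself.

```python
import re
from typing import Any, Tuple

# Strict decimal form: "0" or a non-zero leading digit followed by digits.
# This rejects signs, whitespace, exponents, hex prefixes, decimal points
# and leading zeros (which some parsers read as octal).
_DECIMAL = re.compile(r"0|[1-9][0-9]*")

# Assumed upper bound for this example. A real field (page size, item count)
# should set its own so that a huge value cannot drive excessive work.
DEFAULT_MAX = 10_000


class PositiveIntError(ValueError):
    """Raised when a value is not a positive integer within bounds."""


def naive_parse(value: Any) -> int:
    """The pattern the test flags: trusting int() to do the validation.

    int() accepts " -5", "+5", True (== 1) and arbitrarily large numbers,
    so negative, zero and out-of-range values all get through.
    """
    return int(value)


def parse_positive_int(value: Any, *, max_value: int = DEFAULT_MAX) -> int:
    """Return value as an int if it is a positive integer in [1, max_value].

    Accepts a Python int (as produced by a JSON number) or a strict decimal
    string (as produced by a query or path parameter); rejects everything else.
    """
    # bool is a subclass of int in Python: JSON true must not become 1.
    if isinstance(value, bool):
        raise PositiveIntError("boolean is not an integer")
    if isinstance(value, int):
        n = value
    elif isinstance(value, str):
        if not _DECIMAL.fullmatch(value):
            raise PositiveIntError(f"not a decimal integer: {value!r}")
        # Cheap length check before int(): more digits than max_value has
        # means the number is certainly too large, so very long digit
        # strings are rejected without being converted at all.
        if len(value) > len(str(max_value)):
            raise PositiveIntError(f"too many digits: {len(value)}")
        n = int(value)
    else:
        raise PositiveIntError(f"unsupported type: {type(value).__name__}")
    if n < 1:
        raise PositiveIntError(f"must be >= 1, got {n}")
    if n > max_value:
        raise PositiveIntError(f"must be <= {max_value}, got {n}")
    return n


def classify(value: Any, *, max_value: int = DEFAULT_MAX) -> Tuple[str, Any]:
    """Wrap the parser so a batch of inputs can be reported without raising."""
    try:
        return ("ok", parse_positive_int(value, max_value=max_value))
    except PositiveIntError as exc:
        return ("rejected", str(exc))


# Constructed sample inputs: the kinds of values a scanner sends to a field
# that is declared as a positive integer.
SAMPLES = [42, "42", "10000", 0, "0", -1, "-1", "+5", " 5", "5 ", "01",
           "1e3", "0x10", "5.0", 5.0, True, "", None, "10001", "9" * 50]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:>16} -> {classify(sample)}")
```

The parser is deliberately stricter than int(): it rejects a leading "+", surrounding whitespace and leading zeros even though they would convert, because a field declared as a positive integer should only ever see one canonical form, and anything else is a sign that the caller is probing the endpoint.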
Configuration
Identifier:
schema/positive_integer_validation
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM02:2023 |
| PCI DSS | 6.5.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-6 |
| CWE | 20 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
| CVSS Score | 0.1 |