L1 Essential | Automated verification

3.3 Input Validation

3. Input Security: How do we protect against malicious input?

Description

All inputs MUST be validated against expected schemas, types, and value ranges.

Rationale

Unvalidated input is the root cause of most security vulnerabilities.

Audit Procedure

1. Identify all input sources
2. Check for input validation at each entry point
3. Verify length limits are enforced

Remediation

1. Define JSON schemas for structured inputs
2. Implement maximum length limits
3. Validate and sanitize file uploads
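
The first two remediation steps, as an added example (not part of this control's own text): a standard-library Python validator that enforces a size limit before parsing, then checks types, value ranges and string lengths against a schema and rejects unknown fields. The field names, the limits and the `validate_request` function are assumptions chosen for illustration.

```python
import json

MAX_BODY_BYTES = 4096  # assumed limit, enforced before any parsing happens

# Hypothetical schema for a "create user" request (constructed for this example).
SCHEMA = {
    "username": {"type": str, "min_len": 3, "max_len": 32, "required": True},
    "age": {"type": int, "min": 13, "max": 120, "required": True},
    "bio": {"type": str, "max_len": 280, "required": False},
}

def validate_request(raw, schema=SCHEMA, max_bytes=MAX_BODY_BYTES):
    """Return (data, errors); data is None whenever errors is non-empty."""
    if len(raw) > max_bytes:
        return None, ["body exceeds %d bytes" % max_bytes]
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError):
        # ValueError covers bad UTF-8 and bad JSON; RecursionError covers
        # deeply nested input that still fits inside the size limit.
        return None, ["body is not valid JSON"]
    if not isinstance(obj, dict):
        return None, ["top-level value must be an object"]
    # Allow-list the fields: anything the schema does not name is rejected.
    errors = ["unexpected field: %s" % n for n in sorted(set(obj) - set(schema))]
    for name, rule in schema.items():
        if name not in obj:
            if rule["required"]:
                errors.append("missing field: %s" % name)
            continue
        value = obj[name]
        # Exact type match: bool is a subclass of int, so isinstance() would
        # let JSON true/false through as a number.
        if type(value) is not rule["type"]:
            errors.append("%s: wrong type" % name)
        elif isinstance(value, str):
            if not rule.get("min_len", 0) <= len(value) <= rule["max_len"]:
                errors.append("%s: length out of range" % name)
        elif not rule["min"] <= value <= rule["max"]:
            errors.append("%s: value out of range" % name)
    return (None, errors) if errors else (obj, [])
```

The function reports every violation it finds rather than stopping at the first, which makes rejected requests easier to log and triage.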

Framework Mappings

CIS Control 16.10
NIST PR.DS-5