Out of Bound User Input
In many web applications, a user will fill out a form and submit the request. If the web application does not perform adequate user input validation, some of the user input that are out-of-bound maliciously or unintentionally may be accepted and may result in consequences not intended by the designed business function. For example, setting the quantity of a product on an e-commerce site as a negative number may result in funds being credited to the user. Another is example is to submit a text value larger than the application can handle, which may cause application errors and exceptions or even denial of service. Whether a user input is “out-of-bound” is determined by specific application logic. Typical examples include numeric values that fall outside of the expected range, text input that is either too long or too short, text input when a numeric value is expected, special characters not expected by the application, etc.