It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today’s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.
The software contains a data query against an SQL table or view
that is configured in a way that does not utilize an index and may cause
sequential searches to be performed.
An unused validation form indicates that validation logic is not up-to-date.
It is easy for developers to forget to update validation logic when they remove or rename action form mappings. One indication that validation logic is not being properly maintained is the presence of an unused validation form.
The software contains a serializable, storable data element such as a field or member,
but the data element contains member elements that are not
serializable.