Artifact Under Review
HazardAnalysis.pdf
Team Number for Team Doing the Review
Team 10
Description of Issue
Under section 3 System Boundaries and Components, for the front-end hazards, one of the first risks noted was User Input Errors, which identifies that certain inputs may not be validated on the frontend, which can lead to consequences such as incorrectly labeled data and unauthorized access attempts. In mitigating this risk, you've identified that, in order to resolve non-validated inputs, you would "Implement thorough input validation". This risk mitigation strategy seems quite generic. Will this be implemented via an external third-party validation library, through an API, or a custom in-house implementation? Alternatively, to what degree should the validation be done to be considered sufficiently 'sanitized'?