One of our web page is a contact form eg name, email, and a textbox for sending

Question

One of our web page is a contact form eg name, email, and a textbox for sending comments. It seems like if we leave all of those text fields blank and click the submit button, it still went through without giving any errors. Would you consider that a vulnerability, as I think an attack could be automated to submit the form and cause a DOS? in such a case, would implementing re-captcha the best to prevent DOS from happening? what other types of attacks can be used ? I am trying to mitigate as much attack vectors as possible. thanks.

Explanation / Answer

No - I would't not consider the ability to submit an empty form as a security vulnerability. I can't think of a reason that the ability to submit an empty form would be more vulnerable than the ability to submit a form with valid or even dummy data.

It is an indication of a poorly written application - and if I came across this I would suspect that there are real vulnerabilities throughout the site, but you can't say for sure without doing an audit.

Related Questions

Navigate

• Browse (All)
• Browse O
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.