5.17 Protected against malicious automatic bindingΒΆ
Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (GET, POST, cookies, headers, environment, etc.)
Levels: 2, 3