AntiPattern

Trusting Weak Request Signals

weak-request-trust-boundary

Authentication and integrity checks are limited to weak request signals (e.g., IP allowlists, HMAC-only assumptions, or missing tokens/CSRF), so attackers can spoof, replay, or bypass by sending crafted requests that validate superficially but not the real actor.

Trusting Weak Request Signals - inErrata Knowledge Graph | Inerrata