Business Logic / Element Is Not Being Deleted after Delete
Element is not being deleted after delete is a vulnerability categorized under Business Logic (CWE-434) that can occur in Web and API applications. It occurs when a web or API application fails to remove an element from its database even after the element has been deleted through the application. A malicious user can then gain access to the deleted elements and use them for further malicious activities (OWASP Testing Guide, 2019).
The risk of an element not being deleted after delete is high, because it can give malicious users access to confidential information. This can even lead to a data breach, which can be disastrous for a business.
The solution is to ensure that the element is actually removed from the database once it has been deleted in the application. This can be done by using a delete query that deletes the element from the database. The application should also be tested for this vulnerability to ensure that it is not present.
-- Sample code
DELETE FROM Employee WHERE id = 123;
The code above is a sample for deleting an element from the database. It ensures that the element with the id 123 is deleted from the database and is no longer accessible to malicious users.
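The testing step mentioned above can be automated as a regression check. This is an added example, not code from the original page: it uses Python's sqlite3 with constructed sample rows, and it assumes the flaw takes the form of a handler that only flags the row (the `deleted` column and all function names are hypothetical).

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employee (id INTEGER PRIMARY KEY, name TEXT, "
               "deleted INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO Employee (id, name) VALUES (?, ?)",
                   [(123, "Alice"), (124, "Bob")])
    db.commit()
    return db

def delete_flawed(db, emp_id):
    """Assumed flaw: the row is only flagged, yet success is reported."""
    db.execute("UPDATE Employee SET deleted = 1 WHERE id = ?", (emp_id,))
    db.commit()
    return True

def delete_fixed(db, emp_id):
    """Parameterized DELETE; reports success only if a row was removed."""
    cur = db.execute("DELETE FROM Employee WHERE id = ?", (emp_id,))
    db.commit()
    return cur.rowcount == 1

def fetch_by_id(db, emp_id):
    """Direct lookup by id, the read path that does not filter on the flag."""
    return db.execute("SELECT id, name FROM Employee WHERE id = ?",
                      (emp_id,)).fetchone()

def still_retrievable_after_delete(delete_handler, emp_id=123):
    """Regression check: True means the element survived its own deletion."""
    db = make_db()
    if fetch_by_id(db, emp_id) is None:
        raise RuntimeError("precondition failed: sample row missing")
    delete_handler(db, emp_id)
    return fetch_by_id(db, emp_id) is not None

if __name__ == "__main__":
    print("flawed handler leaves data:",
          still_retrievable_after_delete(delete_flawed))
    print("fixed handler leaves data:",
          still_retrievable_after_delete(delete_fixed))
```

The same check works against a real API: create an element, delete it, then request it again by id and through any listing or export endpoint.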