Business Logic / Element Is Not Being Deleted after Delete

Web and API

Description

"Element is not being deleted after delete" is a vulnerability categorized under Business Logic (CWE-434) that can occur in Web and API applications. It occurs when a web or API application fails to remove an element from its database even after a delete operation has been performed on it. A malicious user can then gain access to the deleted elements and use them for further malicious activities (OWASP Testing Guide, 2019).

Risk

The risk of an element not being deleted after delete is high, because it can lead to malicious users accessing confidential information. This can even lead to a data breach, which can be disastrous for a business.

Solution

The solution to this vulnerability is to ensure that the element is actually removed from the database when it is deleted in the application. This can be done by using a delete query that deletes the element from the database. The application should also be tested for this vulnerability to ensure that it is not present.
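The following added example (not code from the original page) shows a delete handler that only hides the record next to one that issues a real delete query, plus a check that the element is gone afterwards. The `documents` table, its columns and all function names are assumptions made for illustration, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table of user documents.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, "
               "body TEXT, hidden INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO documents (id, owner, body) VALUES (?, ?, ?)",
                   [(1, "alice", "payroll export"), (2, "alice", "meeting notes")])
    db.commit()
    return db

def list_documents(db, owner):
    rows = db.execute("SELECT id FROM documents WHERE owner = ? AND hidden = 0 "
                      "ORDER BY id", (owner,))
    return [r[0] for r in rows]

def get_document(db, doc_id, owner):
    # Direct fetch by id, as a "get element" API endpoint would do.
    row = db.execute("SELECT body FROM documents WHERE id = ? AND owner = ?",
                     (doc_id, owner)).fetchone()
    return row[0] if row else None

def delete_flawed(db, doc_id, owner):
    # Flawed: reports success but only hides the row from listings.
    db.execute("UPDATE documents SET hidden = 1 WHERE id = ? AND owner = ?",
               (doc_id, owner))
    db.commit()
    return True

def delete_fixed(db, doc_id, owner):
    # Fixed: a real DELETE, and success is reported only if a row was removed.
    cur = db.execute("DELETE FROM documents WHERE id = ? AND owner = ?",
                     (doc_id, owner))
    db.commit()
    return cur.rowcount == 1

def state_after_delete(delete_fn, doc_id=1, owner="alice"):
    # Regression check: after delete, the element must not be listed,
    # must not be fetchable by id, and must not remain in the table.
    db = make_db()
    delete_fn(db, doc_id, owner)
    rows_left = db.execute("SELECT COUNT(*) FROM documents WHERE id = ?",
                           (doc_id,)).fetchone()[0]
    return {"listed": doc_id in list_documents(db, owner),
            "fetchable": get_document(db, doc_id, owner) is not None,
            "rows_left": rows_left}
```

With the flawed handler the element disappears from the listing but is still returned by a direct fetch, which is the condition a test for this vulnerability needs to catch.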
