An HP Fortify scan gives me the message "Mass Assignment: Insecure Binder Configuration (API Abuse, Structural)" for most of the action methods in my controller. Below is an example of one of the action methods.

    <HttpPost>
    Function Edit(model As GridViewModel)
        ' Every public property of GridViewModel is bound from the request.
        Dim manager As New Managers
        manager.Edit(model.id, model.name, model.desc, model.class)
        Return Nothing
    End Function

When I tried the following method, the error was gone.

    <HttpPost>
    Function Edit(id As Integer?, name As String, desc As String, [class] As String)
        ' Only these four values are bound; [class] is escaped because Class is a VB keyword.
        Dim manager As New Managers
        manager.Edit(id, name, desc, [class])
        Return Nothing
    End Function

But the above code seems to be bad MVC practice. Please suggest a method to overcome this issue.
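
Added example, not part of the original post: one common way to keep the view-model parameter while giving the binder an explicit allow-list is the `Bind(Include:=...)` attribute from `System.Web.Mvc`. The `GridViewModel` shape, the extra `IsApproved` property, the `GridController` name and the `Managers` stand-in are assumptions made for illustration.

```vb
Imports System.Web.Mvc

' Assumed shape of the question's view model. IsApproved is a hypothetical
' property that the edit form never shows, to illustrate what over-posting reaches.
Public Class GridViewModel
    Public Property id As Integer?
    Public Property name As String
    Public Property desc As String
    Public Property [class] As String
    Public Property IsApproved As Boolean
End Class

' Stand-in for the question's Managers class so the block compiles on its own.
Public Class Managers
    Public Sub Edit(id As Integer?, name As String, desc As String, [class] As String)
        ' Persistence logic lives in the question's code base and is not shown on the page.
    End Sub
End Class

Public Class GridController
    Inherits Controller

    ' Without the Bind attribute, a posted field such as IsApproved=true would be
    ' copied into the model. With Include, only the listed properties are bound
    ' and every other posted field is ignored.
    <HttpPost>
    Function Edit(<Bind(Include:="id,name,desc,class")> model As GridViewModel) As ActionResult
        If Not ModelState.IsValid Then
            ' Reject requests whose values failed binding or validation.
            Return New HttpStatusCodeResult(400)
        End If

        Dim manager As New Managers()
        manager.Edit(model.id, model.name, model.desc, model.class)
        Return New EmptyResult()
    End Function
End Class
```

An alternative with the same effect is a dedicated view model that contains only the editable properties, so there is nothing extra for the binder to populate.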