...
- Operating system command interpreter (see guideline IDS06-J. Prevent OS Command InjectionDo not pass untrusted, unsanitized data to the exec() method)
- A data repository with an SQL-compliant interface (see guideline IDS07-J. Prevent SQL Injection)
- XML parser (see guideline IDS08-J. Prevent XML Injection)
- XPath evaluators (see guideline IDS09-J. Prevent XPath Injection)
- A SAX (Simple API for XML) or a DOM (Document Object Model) parser (see guideline IDS10-J. Prevent XML external entity attacks)
- Lightweight Directory Access Protocol (LDAP) directory service (see guideline IDS11-J. Prevent LDAP injection)
- Script engines (see guideline IDS12-J. Prevent code injection)
...