...
- Operating system command interpreter (see IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method)
- A data repository with a SQL-compliant interface (see IDS00-J. Prevent SQL Injection)
- XML parser (see IDS16-J. Prevent XML Injection and IDS17-J. XML External Entity Attacks)
- Regular expression engines (see IDS08-J. Sanitize untrusted data included in a regular expression)
- Formatted output methods (see IDS06-J. Exclude unsanitized user input from format strings)
- XPath evaluators
- Lightweight Directory Access Protocol (LDAP) directory service
- Script engines