...
Software programs often contain multiple components that act as subsystems wherein each component operates in one or more trusted domains. For example, one component may have access to the file system but lack access to the network, while another component has access to the network but lacks access to the file system. Distrustful decomposition and privilege separation [Dougherty 2009] are examples of secure design patterns that reduce the amount of code that runs with special privileges by designing the system using mutually untrusting components.
...
- Operating system command interpreter (see IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method)
- A data repository with a SQL-compliant interface (see IDS00-J. Prevent SQL Injection)
- XML parser (see IDS16-J. Prevent XML Injection and IDS17-J. XML External Entity Attacks)
- Regular expression engines (see IDS08-J. Sanitize untrusted data included in a regular expression)
- Formatted output methods (see IDS06-J. Exclude unsanitized user input from format strings)
- XPath evaluators
- Lightweight Directory Access Protocol (LDAP) directory service
- Script engines
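As an added illustration of the XPath evaluator case (example code written for this page, not taken from the CERT standard): a lookup that splices an untrusted name into the query beside one that keeps the expression fixed and binds the value through an `XPathVariableResolver`. The XML document and user names are constructed sample data.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.Document;

public class XPathLookup {
    // Constructed sample document standing in for a user directory.
    private static final String XML =
        "<users><user><name>alice</name><role>admin</role></user>"
      + "<user><name>bob</name><role>user</role></user></users>";

    // Weak: the untrusted name becomes part of the query's syntax, so any
    // quote or operator in the value changes what the evaluator runs.
    static String roleOfConcatenated(Document doc, String name) throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        String expr = "/users/user[name='" + name + "']/role/text()";
        return xpath.evaluate(expr, doc);
    }

    // Hardened: the expression is a constant and the name is supplied as a
    // bound variable, so the evaluator always treats it as data.
    static String roleOfBound(Document doc, String name) throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setXPathVariableResolver(var -> "name".equals(var.getLocalPart()) ? name : null);
        XPathExpression expr = xpath.compile("/users/user[name=$name]/role/text()");
        return expr.evaluate(doc);
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so the parser cannot resolve external entities (IDS17-J).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(XML);
        System.out.println("bound, alice   -> " + roleOfBound(doc, "alice"));    // admin
        // A legitimate value containing an apostrophe: the bound query simply
        // finds no match, while the concatenated query becomes malformed.
        System.out.println("bound, o'brien -> [" + roleOfBound(doc, "o'brien") + "]");
        try {
            roleOfConcatenated(doc, "o'brien");
        } catch (XPathExpressionException e) {
            System.out.println("concatenated, o'brien -> query no longer parses: " + e.getMessage());
        }
    }
}
```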
Bibliography
[Seacord 2015] Injection Attacks LiveLesson