Guidelines
IDS00-J. Always validate user input
IDS01-J. Prefer using URIs to URLs
IDS02-J. Perform loss less conversion of String to given encoding and back
IDS03-J. Prevent OS Command Injection
IDS04-J. Prevent against SQL Injection
IDS05-J. Prevent XML Injection
IDS06-J. Prevent XPath Injection
IDS07-J. Understand how escape characters are interpreted when String literals are compiled
IDS01-J. Sanitize before processing or storing user input
IDS09-J. Account for supplementary and combining characters in globalized code
IDS02-J. Validate strings after performing normalization
IDS03-J. Do not delete non-character code points
IDS12-J. Prevent XML external entity attacks
IDS04-J. Properly encode or escape output
IDS14-J. Do not use locale dependent methods on locale insensitive data
IDS15-J. Library methods should validate their parameters
IDS16-J. Prevent against LDAP injection
IDS17-J. Prevent against code injection
Risk Assessment Summary
Recommendations
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS00- J | high | probable | medium | P12 | L1 |
IDS01- J | low | probable | medium | P4 | L3 |
IDS02- J | low | probable | medium | P4 | L3 |
IDS03- J | high | probable | medium | P12 | L1 |
IDS04- J | medium | probable | high | P4 | L3 |
IDS05- J | medium | probable | medium | P8 | L2 |
IDS06- J | medium | probable | medium | P8 | L2 |
IDS07- J | low | unlikely | high | P1 | L3 |
IDS08- J | high | probable | medium | P12 | L1 |
IDS09- J | low | unlikely | medium | P2 | L3 |
IDS10- J | high | probable | medium | P12 | L1 |
IDS11- J | high | probable | medium | P12 | L1 |
IDS12- J | medium | probable | medium | P8 | L2 |
IDS13- J | high | probable | medium | P12 | L1 |
IDS14- J | medium | probable | medium | P8 | L2 |
IDS15- J | medium | probable | high | P4 | L3 |
Content by Label | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
FIO01-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code The CERT Sun Microsystems Secure Coding Standard for Java IDS00-J. Always validate user input