Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Guidelines

IDS00-J. Always validate user input

IDS01-J. Sanitize before processing or storing user input

IDS02-J. Validate strings after performing normalization

IDS03-J. Do not delete non-character code points

IDS04-J. Properly encode or escape output

IDS05-J. Library methods should validate their parameters

IDS06-J. Prevent OS Command Injection

IDS07-J. Prevent against SQL Injection

IDS08-J. Prevent XML Injection

IDS09-J. Prevent XPath Injection

IDS10-J. Prevent XML external entity attacks

IDS11-J. Prevent against LDAP injection

IDS12-J. Prevent against code injection

IDS13-J. Account for supplementary and combining characters in globalized code

IDS14-J. Perform loss less conversion of String to given encoding and back

IDS15-J. Prefer using URIs to URLs

IDS16-J. Do not use locale dependent methods on locale insensitive data

IDS17-J. Understand how escape characters are interpreted when String literals are compiled

Risk Assessment Summary

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

IDS00- J

high

probable

medium

P12

L1

IDS01- J

high

probable

medium

P12

L1

IDS02- J

high

probable

medium

P12

L1

IDS03- J

high

probable

medium

P12

L1

IDS04- J

high

probable

medium

P12

L1

IDS05- J

medium

probable

high

P4

L3

IDS06- J

high

probable

medium

P12

L1

IDS07- J

medium

probable

high

P4

L3

IDS08- J

medium

probable

medium

P8

L2

IDS09- J

medium

probable

medium

P8

L2

IDS10- J

medium

probable

medium

P8

L2

IDS11- J

high

likely

medium

P18

L1

IDS12- J

high

likely

medium

P18

L1

IDS13- J

low

unlikely

medium

P2

L3

IDS14- J

low

probable

medium

P4

L3

IDS15- J

low

probable

medium

P4

L3

IDS16- J

medium

probable

medium

P8

L2

IDS17- J

low

unlikely

high

P1

L3

Content by Label
showLabelsfalse
maxResults99
sorttitle
showSpacefalse
label+ids,-void
space@self

Image Added Image Added Image AddedFIO10-J. Do not let Runtime.exec() fail or block indefinitely      The CERT Sun Microsystems Secure Coding Standard for Java      IDS00-J. Always validate user input