Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
2 Rules
Rule 00. Input Validation and Data Sanitization (IDS)
IDS16-J. Prevent XML Injection
Page Information
Title:
IDS16-J. Prevent XML Injection
Author:
Robert Seacord (Manager)
Oct 27, 2014
Last Changed by:
Jill Britton
Jun 11, 2024
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/wzZGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (2)
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
IDS15-J. Do not allow sensitive information to leak outside a trust boundary
Hierarchy
Parent Page
Page:
Rule 00. Input Validation and Data Sanitization (IDS)
Labels
Global Labels (2)
ids
rule
Recent Changes
Time
Editor
Jun 11, 2024 08:25
Jill Britton
View Changes
Mar 15, 2022 09:36
David Svoboda
View Changes
May 18, 2021 08:02
Michal Rozenau
View Changes
Parasoft Jtest 2021.1
Feb 26, 2021 08:39
Michal Rozenau
View Changes
Parasoft Jtest 2020.2
Feb 12, 2018 22:01
Will Snavely
View Page History
Outgoing Links
External Links (8)
cwe.mitre.org/data/definitions/116.html
https://www.securecoding.cert.org/confluence/display/java/I…
https://www.safaribooksonline.com/library/view/secure-codin…
https://www.owasp.org/images/8/89/OWASP_Top_10_2007_for_JEE…
https://www.owasp.org/index.php/Testing_for_XML_Injection_%…
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
internap.dl.sourceforge.net/sourceforge/owasp/OWASPGuide2.0…
cwe.mitre.org/
SEI CERT C++ Coding Standard (2)
Home page:
SEI CERT C++ Coding Standard
Page:
VOID STR02-CPP. Sanitize data passed to complex subsystems
SEI CERT Oracle Coding Standard for Java (13)
Page:
Rule 00. Input Validation and Data Sanitization (IDS)
Page:
The Checker Framework
Page:
The Checker Framework_V
Page:
Rule AA. References
Home page:
SEI CERT Oracle Coding Standard for Java
Page:
Klocwork
Page:
IDS14-J. Do not trust the contents of hidden form fields
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
Rule BB. Glossary
Page:
Fortify
Page:
Klocwork_V
Page:
Parasoft
Page:
Parasoft_V
SEI CERT Perl Coding Standard (2)
Home page:
SEI CERT Perl Coding Standard
Page:
IDS33-PL. Sanitize untrusted data passed across a trust boundary
SEI CERT C Coding Standard (2)
Page:
STR02-C. Sanitize data passed to complex subsystems
Home page:
SEI CERT C Coding Standard
Overview
Content Tools
{"serverDuration": 97, "requestCorrelationId": "250d5d5754a41943"}
