Recommendations
SDV00-J. Always validate user input
SDV01-J. Prefer using URIs to URLs
SDV02-J. Perform loss less conversion of String to given encoding and back
SDV03-J. Prevent OS Command Injection
SDV04-J. Prevent against SQL Injection
SDV05-J. Prevent XML Injection
SDV06-J. Prevent XPath Injection
SDV07-J. Understand how escape characters are interpreted when String literals are compiled
SDV08-J. Sanitize before processing or storing user input
SDV09-J. Account for supplementary and combining characters in globalized code
SDV10-J. Validate strings after performing normalization
SDV11-J. Do not delete non-character code points
SDV12-J. Prevent XML external entity attacks
SDV13-J. Properly encode or escape output
SDV14-J. Do not use locale dependent methods on locale insensitive data
SDV15-J. Library methods should validate their parameters
SDV16-J. Prevent against LDAP injection
Risk Assessment Summary
Recommendations
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
SDV00- J |
medium |
unlikely |
medium |
P4 |
L3 |
OBJ38-J. Immutable classes must prohibit extension The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Canonicalize path names originating from untrusted sources