Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
A
t
tachments (4)
Page History
Page Information
Resolved comments
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
Old Categories
Jira links
00. Input Validation and Data Sanitization (IDS)
Created by
Dhruv Mohindra
, last modified by
Carol J. Lallier
on
Sep 29, 2014
Guidelines
Page:
IDS00-J. Prevent SQL injection
Page:
IDS01-J. Normalize strings before validating them
Page:
IDS02-J. Canonicalize path names before validating them
Page:
IDS03-J. Do not log unsanitized user input
Page:
IDS04-J. Safely extract files from ZipInputStream
Page:
IDS05-J. Use a safe subset of ASCII for file and path names
Page:
IDS06-J. Exclude unsanitized user input from format strings
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
IDS08-J. Sanitize untrusted data included in a regular expression
Page:
IDS09-J. Specify an appropriate locale when comparing locale-dependent data
Page:
IDS10-J. Don't form strings containing partial characters
Page:
IDS11-J. Perform any string modifications before validation
Page:
IDS13-J. Use compatible character encodings on both sides of file or network IO
Page:
IDS14-J. Do not trust the contents of hidden form fields
Page:
IDS15-J. Do not allow sensitive information to leak outside a trust boundary
Page:
IDS16-J. Prevent XML Injection
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
IDS50-J. Use conservative file naming conventions
Page:
IDS51-J. Properly encode or escape output
Page:
IDS52-J. Prevent code injection
Page:
IDS53-J. Prevent XPath Injection
Page:
IDS54-J. Prevent LDAP injection
Page:
IDS55-J. Understand how escape characters are interpreted when strings are loaded
Page:
IDS56-J. Prevent arbitrary file upload
Page:
Rec. 00. Input Validation and Data Sanitization (IDS)
Page:
Rule 00. Input Validation and Data Sanitization (IDS)
No labels
Overview
Content Tools
{"serverDuration": 85, "requestCorrelationId": "96c1b722762fdfe4"}
