You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 35 Next »

Recommendations

IDS00-J. Always validate user input

IDS01-J. Prefer using URIs to URLs

IDS02-J. Perform loss less conversion of String to given encoding and back

IDS03-J. Prevent OS Command Injection

IDS04-J. Prevent against SQL Injection

IDS05-J. Prevent XML Injection

IDS06-J. Prevent XPath Injection

IDS07-J. Understand how escape characters are interpreted when String literals are compiled

IDS08-J. Sanitize before processing or storing user input

IDS09-J. Account for supplementary and combining characters in globalized code

IDS10-J. Validate strings after performing normalization

IDS11-J. Do not delete non-character code points

IDS12-J. Prevent XML external entity attacks

IDS13-J. Properly encode or escape output

IDS14-J. Do not use locale dependent methods on locale insensitive data

IDS15-J. Library methods should validate their parameters

IDS16-J. Prevent against LDAP injection

IDS17-J. Prevent against code injection

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

IDS00- J

medium

unlikely

medium

P4

L3


FIO37-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code      The CERT Sun Microsystems Secure Coding Standard for Java      IDS00-J. Always validate user input

  • No labels