
Guidelines

IDS00-J. Always validate user input

IDS01-J. Sanitize before processing or storing user input

IDS02-J. Validate strings after performing normalization

IDS03-J. Do not delete non-character code points

IDS04-J. Properly encode or escape output

IDS05-J. Library methods should validate their parameters

IDS06-J. Prevent OS Command Injection

IDS07-J. Prevent SQL Injection

IDS08-J. Prevent XML Injection

IDS09-J. Prevent XPath Injection

IDS10-J. Prevent XML external entity attacks

IDS11-J. Prevent LDAP injection

IDS12-J. Prevent code injection

IDS13-J. Account for supplementary and combining characters in globalized code

IDS14-J. Perform lossless conversion of String to given encoding and back

IDS15-J. Prefer using URIs to URLs

IDS16-J. Do not use locale-dependent methods on locale-insensitive data

IDS17-J. Understand how escape characters are interpreted when String literals are compiled

IDS18-J. Check that inputs do not produce excessive resource consumption

Risk Assessment Summary

Guideline  Severity  Likelihood  Remediation Cost  Priority  Level
IDS00-J    high      probable    medium            P12       L1
IDS01-J    high      probable    medium            P12       L1
IDS02-J    high      probable    medium            P12       L1
IDS03-J    high      probable    medium            P12       L1
IDS04-J    high      probable    medium            P12       L1
IDS05-J    medium    probable    high              P4        L3
IDS06-J    high      probable    medium            P12       L1
IDS07-J    medium    probable    high              P4        L3
IDS08-J    medium    probable    medium            P8        L2
IDS09-J    medium    probable    medium            P8        L2
IDS10-J    medium    probable    medium            P8        L2
IDS11-J    high      likely      medium            P18       L1
IDS12-J    high      likely      medium            P18       L1
IDS13-J    low       unlikely    medium            P2        L3
IDS14-J    low       probable    medium            P4        L3
IDS15-J    low       probable    medium            P4        L3
IDS16-J    medium    probable    medium            P8        L2
IDS17-J    low       unlikely    high              P1        L3
IDS18-J    low       probable    high              P2        L3


The CERT Oracle Secure Coding Standard for Java
