
Recommendations

SDV00-J. Validate user input

SDV01-J. Prefer using URIs to URLs

SDV02-J. Perform lossless conversion of String to a given encoding and back

SDV03-J. Prevent OS Command Injection

SDV04-J. Prevent SQL Injection

SDV05-J. Prevent XML Injection

SDV06-J. Prevent XPath Injection

SDV08-J. Understand how escape characters are interpreted when String literals are compiled

SDV09-J. Sanitize before processing or storing user input

SDV10-J. Account for supplementary and combining characters in globalized code

SDV11-J. Validate strings after performing normalization

SDV12-J. Do not delete non-character code points

SDV13-J. Prevent XML external entity attacks

SDV14-J. Properly encode or escape output

SDV15-J. Do not use locale-dependent methods on locale-insensitive data
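The list above gives only the titles of the recommendations. As an added illustration of one of them, SDV11-J (validate strings after performing normalization), the following example is not part of this page or of the CERT standard's own text; the class name, the angle-bracket check and the sample input are constructed for the demonstration. It shows why the order matters: a check run before normalization can be bypassed by compatibility characters that only become the forbidden characters once the string is normalized.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

public final class NormalizeThenValidate {

    // Illustrative validation rule: reject anything containing angle brackets
    // (e.g. to keep user-supplied text out of HTML markup).
    private static final Pattern ANGLE_BRACKETS = Pattern.compile("[<>]");

    /** Wrong order: validates the raw string, then normalizes it. */
    public static String validateThenNormalize(String input) {
        if (ANGLE_BRACKETS.matcher(input).find()) {
            throw new IllegalArgumentException("Invalid input");
        }
        // Normalization can introduce characters the check never saw.
        return Normalizer.normalize(input, Normalizer.Form.NFKC);
    }

    /** Correct order (SDV11-J): normalize first, then validate the canonical form. */
    public static String normalizeThenValidate(String input) {
        String normalized = Normalizer.normalize(input, Normalizer.Form.NFKC);
        if (ANGLE_BRACKETS.matcher(normalized).find()) {
            throw new IllegalArgumentException("Invalid input");
        }
        return normalized;
    }

    public static void main(String[] args) {
        // Constructed sample input: U+FE64 (SMALL LESS-THAN SIGN) and U+FE65
        // (SMALL GREATER-THAN SIGN) are not '<' and '>' themselves, but their
        // NFKC compatibility decompositions are exactly those ASCII characters.
        String attack = "\uFE64script\uFE65";

        // The raw string contains no '<' or '>', so the check passes and the
        // returned value is "<script>".
        String unsafe = validateThenNormalize(attack);
        System.out.println("validate-then-normalize let through: " + unsafe);

        // Normalizing first exposes the angle brackets to the check.
        try {
            normalizeThenValidate(attack);
            System.out.println("normalize-then-validate accepted it (unexpected)");
        } catch (IllegalArgumentException e) {
            System.out.println("normalize-then-validate rejected it: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac NormalizeThenValidate.java && java NormalizeThenValidate`. The same ordering principle applies to any canonicalizing step (case folding, path canonicalization as in FIO00-J, URL decoding): apply the transformation first, then validate the result that will actually be used.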

Risk Assessment Summary

Recommendations

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
SDV00-J          medium     unlikely     medium             P4         L3


The CERT Sun Microsystems Secure Coding Standard for Java