Page 8 of 13. Showing 123 results (0.006 seconds)

  1. Re: IDS00-J. Prevent SQL injection

    IIRC the space argument is that we had a space constraint on the first Java book, we didn't want it to exceed 750 pages. At the time we had 5-6 rules that said "prevent XXX injection". IDS00-J was a generalization of all these rules, and addressed all these problems from the theoretical basis of data sanitization
  2. IDS16-J. Prevent XML Injection

    is being sent, appropriate methods must be used to sanitize untrusted user input. This compliant solution validates that quantity is an unsigned integer: import … been built, sanitizing input before constructing XML yields better performance. Risk Assessment Failure to sanitize user input before processing or storing
  3. IDS54-J. Prevent LDAP injection

    . LDAP injection results from inadequate input sanitization and validation and allows malicious users to glean restricted information using the directory service … the user has access privileges. Compliant Solution This compliant solution uses a whitelist to sanitize user input so that the filter string contains only valid
  4. SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs

    sanitized (e.g. both sanitization and taint analysis are successful) and also (b) the results of the reflective operations are fully hidden (e.g. those results
  5. Re: ERR01-J. Do not allow exceptions to expose sensitive information

    . The argument for the current classification is that assuming all other rules are enforced (securing the filesystem, sanitizing database inputs...), an attacker cannot
  6. The Checker Framework

    Checker IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88487877 Tainting Checker IDS08-J. Sanitize untrusted data included in a regular expression
  7. MEM03-C. Clear sensitive information stored in reusable resources

    = NULL; Compliant Solution To prevent information leakage, dynamic memory containing sensitive information should be sanitized before being freed. Sanitization … = (char *)calloc(size+1, sizeof(char)); if (!new_secret) { /* Handle error */ } strcpy(new_secret, secret); /* Process new_secret... */ /* Sanitize memory
  8. IDS53-J. Prevent XPath Injection

    sanitization. This attack is similar to SQL injection or XML injection (see IDS00-J. Sanitize untrusted data passed across a trust boundary https://www.securecoding.cert.org/confluence/display/java/IDS00-J.+Sanitize+untrusted+data+passed+across+a+trust+boundary). An attacker can enter valid SQL or XML constructs in the data
  9. IDS52-J. Prevent code injection

    code must be sanitized, for example, to ensure that it contains only valid, whitelisted characters. Sanitization is best performed immediately after the data has been input, using methods from the data abstraction used to store and process the data. Refer to IDS00-J. Sanitize untrusted data passed across a trust
  10. Unknown Applicability to Android (Java Rules/Recommendations)

    not been analyzed for applicability would be quite helpful here, since any human-process-only solution is much more fallible. IDS00-J. Sanitize untrusted data … : https://www.securecoding.cert.org/confluence/display/java/Input+Validation+and+Data+Sanitization https://www.securecoding.cert.org/confluence/display/java/Input
    Android, May 07, 2015