Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Old Version 23

changes.mady.by.user Dhruv Mohindra

Saved on Oct 30, 2009

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on Aug 07, 2025

Key

This line was added.
This line was removed.
Formatting was changed.

Rules

Content by Label

showLabels	false
max	99
spaces	com.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
showSpace	false
sort	title
cql	label = "rule" and label = "ids" and space = currentSpace()
labels	+ids +rule

Risk Assessment Summary

Rule	Severity	Likelihood	Detectable	Repairable	Priority	Level
IDS00-J	High	Likely	Yes	No	P18	L1
IDS01-J	High	Probable	No	No	P6	L2
IDS03-J	Medium	Probable	No	No	P4	L3
IDS04-J	Low	Probable	No	No	P2	L3
IDS06-J	Medium	Unlikely	Yes	No	P4	L3
IDS07-J	High	Probable	Yes	No	P12	L1
IDS08-J	Medium	Unlikely	Yes	No	P4	L3
IDS11-J	High	Probable	No	No	P6	L2
IDS14-J	High	Probable	No	No	P6	L2
IDS16-J	High	Probable	Yes	No	P12	L1
IDS17-J	Medium	Probable	No	No	P4	L3

...

Image Added Image Added Image Added

Recommendations

IDS00-J. Always validate user input

IDS01-J. Prefer using URIs to URLs

IDS02-J. Perform loss less conversion of String to given encoding and back

IDS03-J. Prevent OS Command Injection

IDS04-J. Prevent against SQL Injection

IDS05-J. Prevent XML Injection

IDS06-J. Prevent XPath Injection

IDS07-J. Understand how escape characters are interpreted when String literals are compiled

IDS08-J. Sanitize before processing or storing user input

IDS09-J. Account for supplementary and combining characters in globalized code

SDV10-J. Validate strings after performing normalization

SDV11-J. Do not delete non-character code points

SDV12-J. Prevent XML external entity attacks

SDV13-J. Properly encode or escape output

SDV14-J. Do not use locale dependent methods on locale insensitive data

SDV15-J. Library methods should validate their parameters

SDV16-J. Prevent against LDAP injection

SDV17-J. Prevent against code injection

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
SDV00- J	medium	unlikely	medium	P4	L3

OBJ38-J. Immutable classes must prohibit extension The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Canonicalize path names originating from untrusted sources