Guidelines
IDS00-J. Always validate user input
IDS01-J. Sanitize before processing or storing user input
IDS02-J. Validate strings after performing normalization
IDS03-J. Do not delete non-character code points
IDS04-J. Properly encode or escape output
IDS05-J. Library methods should validate their parameters
IDS06-J. Prevent OS Command Injection
IDS07-J. Prevent SQL Injection
IDS08-J. Prevent XML Injection
IDS09-J. Prevent XPath Injection
IDS10-J. Prevent XML external entity attacks
IDS11-J. Prevent LDAP injection
IDS12-J. Prevent code injection
IDS13-J. Account for supplementary and combining characters in globalized code
IDS14-J. Perform lossless conversion of String to given encoding and back
IDS15-J. Prefer using URIs to URLs
IDS16-J. Do not use locale dependent methods on locale insensitive data
IDS17-J. Understand how escape characters are interpreted when String literals are compiled
IDS18-J. Check that inputs do not produce excessive resource consumption
Risk Assessment Summary
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS00-J | high | probable | medium | P12 | L1 |
| IDS01-J | high | probable | medium | P12 | L1 |
| IDS02-J | high | probable | medium | P12 | L1 |
| IDS03-J | high | probable | medium | P12 | L1 |
| IDS04-J | high | probable | medium | P12 | L1 |
| IDS05-J | medium | probable | high | P4 | L3 |
| IDS06-J | high | probable | medium | P12 | L1 |
| IDS07-J | medium | probable | high | P4 | L3 |
| IDS08-J | medium | probable | medium | P8 | L2 |
| IDS09-J | medium | probable | medium | P8 | L2 |
| IDS10-J | medium | probable | medium | P8 | L2 |
| IDS11-J | high | likely | medium | P18 | L1 |
| IDS12-J | high | likely | medium | P18 | L1 |
| IDS13-J | low | unlikely | medium | P2 | L3 |
| IDS14-J | low | probable | medium | P4 | L3 |
| IDS15-J | low | probable | medium | P4 | L3 |
| IDS16-J | medium | probable | medium | P8 | L2 |
| IDS17-J | low | unlikely | high | P1 | L3 |
The CERT Sun Microsystems Secure Coding Standard for Java