Title: STR02-C. Sanitize data passed to complex subsystems  
Author: Robert Seacord Aug 28, 2006
Last Changed by: Jill Britton Jul 24, 2025
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/GdcxBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (2)
    Page: IDS16-J. Prevent XML Injection
    Page: IDS00-J. Prevent SQL injection
SEI CERT Perl Coding Standard (1)
    Page: IDS33-PL. Sanitize untrusted data passed across a trust boundary
CERT Secure Coding (1)
    Page: Top 10 Secure Coding Practices
SEI CERT C Coding Standard (3)
    Page: ENV03-C. Sanitize the environment when invoking external programs
    Page: MSC09-C. Character encoding: Use subset of ASCII for safety
    Page: ENV33-C. Do not call system()
Hierarchy
Parent Page
    Page: Rec. 07. Characters and Strings (STR)