Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

10. Input Sanitization and Data Validation (SDV)

Created by Dhruv Mohindra, last modified on Oct 14, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

SDV00-J. Validate user input

SDV01-J. Prefer using URIs to URLs

SDV02-J. Perform loss less conversion of String to given encoding and back

SDV03-J. Prevent OS Command Injection

SDV04-J. Prevent against SQL Injection

SDV05-J. Prevent XML Injection

SDV06-J. Prevent Xpath Injection

SDV06-J. Prevent Xpath Injection

SDV08-J. Understand how escape characters are interpreted when String literals are compiled

SDV09-J. Sanitize before processing or storing user input

SDV10-J. Account for supplementary and combining characters in globalized code

SDV11-J. Validate strings after performing normalization

SDV12-J. Do not delete non-character code points

SDV13-J. Prevent XML external entity attacks

SDV14-J. Properly encode or escape output

SDV15-J. Do not use locale dependent methods on locale insensitive data

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
SDV00- J	medium	unlikely	medium	P4	L3

OBJ38-J. Immutable classes must prohibit extension The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Canonicalize path names originating from untrusted sources

No labels