Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

10. Input Validation and Data Sanitization (IDS)

Created by Dhruv Mohindra, last modified on Oct 30, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

IDS00-J. Always validate user input

IDS01-J. Prefer using URIs to URLs

IDS02-J. Perform loss less conversion of String to given encoding and back

IDS03-J. Prevent OS Command Injection

IDS04-J. Prevent against SQL Injection

IDS05-J. Prevent XML Injection

IDS06-J. Prevent XPath Injection

IDS07-J. Understand how escape characters are interpreted when String literals are compiled

IDS08-J. Sanitize before processing or storing user input

IDS09-J. Account for supplementary and combining characters in globalized code

IDS10-J. Validate strings after performing normalization

SDV11-J. Do not delete non-character code points

SDV12-J. Prevent XML external entity attacks

SDV13-J. Properly encode or escape output

SDV14-J. Do not use locale dependent methods on locale insensitive data

SDV15-J. Library methods should validate their parameters

SDV16-J. Prevent against LDAP injection

SDV17-J. Prevent against code injection

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
SDV00- J	medium	unlikely	medium	P4	L3

OBJ38-J. Immutable classes must prohibit extension The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Canonicalize path names originating from untrusted sources

No labels