Guidelines
IDS00-J. Always validate user input
IDS01-J. Sanitize before processing or storing user input
IDS02-J. Validate strings after performing normalization
IDS03-J. Do not delete non-character code points
IDS04-J. Properly encode or escape output
IDS05-J. Library methods should validate their parameters
IDS06-J. Prevent OS Command Injection
IDS07-J. Prevent against SQL Injection
IDS08-J. Prevent XML Injection
IDS09-J. Prevent XPath Injection
IDS10-J. Prevent XML external entity attacks
IDS11-J. Prevent against LDAP injection
IDS12-J. Prevent against code injection
IDS13-J. Account for supplementary and combining characters in globalized code
IDS14-J. Perform loss less conversion of String to given encoding and back
IDS15-J. Prefer using URIs to URLs
IDS16-J. Do not use locale dependent methods on locale insensitive data
IDS17-J. Understand how escape characters are interpreted when String literals are compiled
Risk Assessment Summary
Recommendations
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
IDS00- J |
high |
probable |
medium |
P12 |
L1 |
IDS01- J |
low |
probable |
medium |
P4 |
L3 |
IDS02- J |
low |
probable |
medium |
P4 |
L3 |
IDS03- J |
high |
probable |
medium |
P12 |
L1 |
IDS04- J |
medium |
probable |
high |
P4 |
L3 |
IDS05- J |
medium |
probable |
medium |
P8 |
L2 |
IDS06- J |
medium |
probable |
medium |
P8 |
L2 |
IDS07- J |
low |
unlikely |
high |
P1 |
L3 |
IDS08- J |
high |
probable |
medium |
P12 |
L1 |
IDS09- J |
low |
unlikely |
medium |
P2 |
L3 |
IDS10- J |
high |
probable |
medium |
P12 |
L1 |
IDS11- J |
high |
probable |
medium |
P12 |
L1 |
IDS12- J |
medium |
probable |
medium |
P8 |
L2 |
IDS13- J |
high |
probable |
medium |
P12 |
L1 |
IDS14- J |
medium |
probable |
medium |
P8 |
L2 |
IDS15- J |
medium |
probable |
high |
P4 |
L3 |
FIO01-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code The CERT Sun Microsystems Secure Coding Standard for Java IDS00-J. Always validate user input