Page 2 of 13. Showing 123 results (0.009 seconds)

  1. Rec. 19. Input Validation and Data Sanitization (IDS)

    Contents Android Only C C++ Java recommendation-list
    Android, May 08, 2015
  2. Rule 19. Input Validation and Data Sanitization (IDS)

    Contents Android Only C C++ Java rule-list
    Android, May 08, 2015
  3. 00. Input Validation and Data Sanitization (IDS)

    Guidelines (navigation) previous/up: https://www.securecoding.cert.org/confluence/display/jg/The+CERT+Oracle+Java+Coding+Guidelines next: https://www.securecoding.cert.org/confluence/displa
  4. Taint Analysis

    or decreased by amounts proportional to the number of iterations of the loop. Sanitization To remove the taint from a value, the value must be sanitized to ensure that it is in the defined domain of any restricted sink into which it flows. Sanitization is performed by replacement or termination. In replacement, out-of-domain
  5. IDS14-J. Do not trust the contents of hidden form fields

    that accepts a visible field and a hidden field, and echoes them back to the user. The visible parameter is sanitized before being passed to the browser … ("Visible Parameter:"); out.println( sanitize(visible)); out.println("<br>Hidden Parameter:"); out.println(hidden); } else
  6. IDS00-J. Prevent SQL injection

    may maliciously alter the query, resulting in information leaks or data modification. The primary means of preventing SQL injection are sanitization … to inject validuser' OR '1'='1. The password argument cannot be used to attack this program because it is passed to the hashPassword() function, which also sanitizes
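    The injection described in this snippet and the two defenses it names (whitelist validation of the username, a hashed password that can only be hexadecimal, and a parameterized query) as an added example; this is not the CERT rule's own code, and the table name db_user, the column names, the helper names and the constructed attacker input are assumptions:

    ```java
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.util.regex.Pattern;

    public class SqlInjectionDemo {

        // Noncompliant: the username is spliced into the SQL text, so the input
        // validuser' OR '1'='1 closes the string literal and appends an OR clause.
        static String buildUnsafeQuery(String username, String pwHash) {
            return "SELECT * FROM db_user WHERE username='" + username
                 + "' AND password='" + pwHash + "'";
        }

        // Whitelist validation applied before the value reaches the sink:
        // only [A-Za-z0-9_], 1 to 32 characters, is inside the domain.
        private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_]{1,32}");

        static boolean isValidUsername(String username) {
            return username != null && USERNAME.matcher(username).matches();
        }

        // Hashing the password (unsalted SHA-256 here for brevity; real code
        // uses a slow, salted password hash) also sanitizes it: the value sent
        // to the database is lower-case hex and cannot carry a quote character.
        static String hashPassword(char[] password) {
            try {
                MessageDigest md = MessageDigest.getInstance("SHA-256");
                byte[] digest = md.digest(new String(password).getBytes(StandardCharsets.UTF_8));
                StringBuilder sb = new StringBuilder();
                for (byte b : digest) sb.append(String.format("%02x", b));
                return sb.toString();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }

        // Compliant: the query structure is fixed at prepare time; the JDBC
        // driver passes username and hash as data, never as SQL text.
        static boolean doPrivilegedAction(Connection conn, String username, char[] password)
                throws SQLException {
            if (!isValidUsername(username)) {
                return false;  // out-of-domain input is refused, not repaired
            }
            String sql = "SELECT * FROM db_user WHERE username=? AND password=?";
            try (PreparedStatement stmt = conn.prepareStatement(sql)) {
                stmt.setString(1, username);
                stmt.setString(2, hashPassword(password));
                try (ResultSet rs = stmt.executeQuery()) {
                    return rs.next();
                }
            }
        }

        public static void main(String[] args) {
            // Constructed attacker input from the rule text.
            String attacker = "validuser' OR '1'='1";
            System.out.println(buildUnsafeQuery(attacker, hashPassword("x".toCharArray())));
            System.out.println("isValidUsername(attacker)    = " + isValidUsername(attacker));
            System.out.println("isValidUsername(\"validuser\") = " + isValidUsername("validuser"));
        }
    }
    ```

    main() only shows the string the noncompliant builder would send and the validator's verdict; doPrivilegedAction() needs a live java.sql.Connection, which the example deliberately does not open.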
  7. The Checker Framework

    Checker IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88487877 Tainting Checker IDS08-J. Sanitize untrusted data included in a regular expression
  8. IDS03-J. Do not log unsanitized user input

    a carriage return and line feed (CRLF) sequence to mislead an auditor. Log injection attacks can be prevented by sanitizing and validating any untrusted input sent … data sanitization. if (loginSuccessful) { logger.severe("User login succeeded for: " + username); } else { logger.severe("User login failed
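    The CRLF log-forging input this snippet describes, handled both ways the Taint Analysis entry above distinguishes (replacement of out-of-domain characters, and termination by rejecting the value) as an added example; this is not the CERT rule's own code, and the logger name, the whitelist pattern and the constructed forged username are assumptions:

    ```java
    import java.util.logging.Logger;
    import java.util.regex.Pattern;

    public class LogSanitizerDemo {
        private static final Logger LOGGER = Logger.getLogger(LogSanitizerDemo.class.getName());

        // Defined domain for a username in this application (assumption).
        private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_]{1,32}");

        // Replacement: CR and LF become spaces and other control characters
        // become '?', so the value can never start a new log record.
        static String sanitizeByReplacement(String s) {
            StringBuilder out = new StringBuilder(s.length());
            for (int i = 0; i < s.length(); i++) {
                char c = s.charAt(i);
                if (c == '\r' || c == '\n') {
                    out.append(' ');
                } else if (Character.isISOControl(c)) {
                    out.append('?');
                } else {
                    out.append(c);
                }
            }
            return out.toString();
        }

        // Termination: anything outside the whitelist is refused outright.
        static String sanitizeByTermination(String s) {
            if (s == null || !USERNAME.matcher(s).matches()) {
                throw new IllegalArgumentException("username contains characters not allowed in log entries");
            }
            return s;
        }

        // Every value that reaches the logger passes through the sanitizer first.
        static void recordLogin(String username, boolean loginSuccessful) {
            String safe = sanitizeByReplacement(username);
            if (loginSuccessful) {
                LOGGER.severe("User login succeeded for: " + safe);
            } else {
                LOGGER.severe("User login failed for: " + safe);
            }
        }

        public static void main(String[] args) {
            // Constructed attacker input: a failed login for "guest" followed by
            // a CRLF and text that mimics a successful login for "administrator".
            String forged = "guest\r\nUser login succeeded for: administrator";
            recordLogin(forged, false);   // emits one record; the CRLF is gone
            try {
                sanitizeByTermination(forged);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
    ```

    Replacement keeps the record readable for an auditor; termination is the stricter choice when the field has a well-defined format, since it never lets a partially repaired value through.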
  9. IDS51-J. Properly encode or escape output

    Proper input sanitization can prevent insertion of malicious data into a subsystem such as a database. However, different subsystems require different types of sanitization. Fortunately, it is usually obvious which subsystems will eventually receive which inputs, and consequently what type of sanitization is required
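    The output-encoding point made here, applied to the visible/hidden form field case of IDS14-J above, as an added example that serves both entries; this is not the CERT rules' own code, and the encoder name, the renderer names and the constructed parameter values are assumptions:

    ```java
    public class OutputEncodingDemo {

        // Sanitization specific to the HTML text subsystem: the five characters
        // that can alter HTML structure are replaced by entity references.
        static String escapeHtml(String s) {
            StringBuilder out = new StringBuilder(s.length() + 16);
            for (int i = 0; i < s.length(); i++) {
                char c = s.charAt(i);
                switch (c) {
                    case '&':  out.append("&amp;");  break;
                    case '<':  out.append("&lt;");   break;
                    case '>':  out.append("&gt;");   break;
                    case '"':  out.append("&quot;"); break;
                    case '\'': out.append("&#39;");  break;
                    default:   out.append(c);
                }
            }
            return out.toString();
        }

        // Noncompliant rendering: the visible field is escaped but the hidden
        // field is echoed raw. "Hidden" only means the browser does not display
        // it; the client controls both values.
        static String renderUnsafe(String visible, String hidden) {
            return "Visible Parameter: " + escapeHtml(visible)
                 + "<br>Hidden Parameter: " + hidden;
        }

        // Compliant rendering: every parameter passes through the encoder for
        // the subsystem it is headed to, regardless of how the form presented it.
        static String renderSafe(String visible, String hidden) {
            return "Visible Parameter: " + escapeHtml(visible)
                 + "<br>Hidden Parameter: " + escapeHtml(hidden);
        }

        public static void main(String[] args) {
            // Constructed inputs; the hidden field carries a script element.
            String visible = "alice";
            String hidden = "<script>alert(document.cookie)</script>";
            System.out.println(renderUnsafe(visible, hidden));
            System.out.println(renderSafe(visible, hidden));
        }
    }
    ```

    The same value would need a different encoder if it were placed inside an attribute, a URL, or a JavaScript string, which is the reason the snippet stresses that each subsystem requires its own type of sanitization.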
  10. ENV33-C. Do not call system()

    an unsanitized or improperly sanitized command string originating from a tainted source If a command is specified without a path name and the command processor path name … . This noncompliant code example also violates STR02-C. Sanitize data passed to complex subsystems. Compliant Solution (POSIX) In this compliant solution, the call