Page: FIO11-J. Do not convert between strings and bytes without specifying a valid character encoding | Will Snavely | Nov 16, 2017
Page: FIO12-J. Provide methods to read and write little-endian data | Michal Rozenau | May 18, 2021
Page: FIO13-J. Do not log sensitive information outside a trust boundary | Michal Rozenau | May 18, 2021
Page: FIO14-J. Perform proper cleanup at program termination | Michal Rozenau | May 18, 2021
Page: FIO15-J. Do not reset a servlet's output stream after committing it | David Svoboda | Feb 10, 2023
Page: FIO16-J. Canonicalize path names before validating them | Michal Rozenau | Jun 12, 2023
Page: FIO50-J. Do not make assumptions about file creation | Will Snavely | Nov 16, 2017
Page: FIO51-J. Identify files using multiple file attributes | Will Snavely | Nov 16, 2017
Page: FIO52-J. Do not store unencrypted sensitive information on the client side | Will Snavely | Nov 16, 2017
Page: FIO53-J. Use the serialization methods writeUnshared() and readUnshared() with care | Will Snavely | Nov 16, 2017
Page: Fortify | David Svoboda | Feb 08, 2024
Page: Fortify_V | Pranjal Jumde | Oct 05, 2012
Page: IDS00-J. Prevent SQL injection | David Svoboda | May 01, 2023
Page: IDS01-J. Normalize strings before validating them | Will Snavely | Nov 16, 2017
Page: IDS02-J. Canonicalize path names before validating them | Will Snavely | Nov 16, 2017
Page: IDS03-J. Do not log unsanitized user input | Jon O'Donnell | Aug 06, 2021
Page: IDS04-J. Safely extract files from ZipInputStream | Alexandre GIGLEUX | Dec 19, 2018
Page: IDS05-J. Use a safe subset of ASCII for file and path names | Will Snavely | Nov 16, 2017
Page: IDS06-J. Exclude unsanitized user input from format strings | Michal Rozenau | May 18, 2021
Page: IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method | Jon O'Donnell | Aug 06, 2021
Page: IDS08-J. Sanitize untrusted data included in a regular expression | Jon O'Donnell | Aug 06, 2021
Page: IDS09-J. Specify an appropriate locale when comparing locale-dependent data | Derek Leung | Nov 21, 2018
Page: IDS10-J. Don't form strings containing partial characters | Will Snavely | Nov 16, 2017
Page: IDS11-J. Perform any string modifications before validation | Michal Rozenau | May 18, 2021
Page: IDS13-J. Use compatible character encodings on both sides of file or network IO | David Svoboda | Mar 15, 2022
Page: IDS14-J. Do not trust the contents of hidden form fields | Jon O'Donnell | Jul 27, 2023
Page: IDS15-J. Do not allow sensitive information to leak outside a trust boundary | David Svoboda | Oct 05, 2016
Page: IDS16-J. Prevent XML Injection | David Svoboda | Mar 15, 2022
Page: IDS17-J. Prevent XML External Entity Attacks | Michal Rozenau | Feb 26, 2021
Page: IDS50-J. Use conservative file naming conventions | David Svoboda | Oct 05, 2016