Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
2 Rules
Rule 00. Input Validation and Data Sanitization (IDS)
IDS17-J. Prevent XML External Entity Attacks
Page Information
Title:
IDS17-J. Prevent XML External Entity Attacks
Author:
Robert Seacord (Manager)
Oct 27, 2014
Last Changed by:
Michal Rozenau
Feb 26, 2021
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/xDZGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (1)
Page:
IDS16-J. Prevent XML Injection
Hierarchy
Parent Page
Page:
Rule 00. Input Validation and Data Sanitization (IDS)
Labels
Global Labels (2)
ids
rule
Recent Changes
Time
Editor
Feb 26, 2021 08:40
Michal Rozenau
View Changes
Parasoft Jtest 2020.2
Dec 19, 2018 10:48
Alexandre GIGLEUX
View Changes
Dec 05, 2018 08:01
Alexandre GIGLEUX
View Changes
Nov 28, 2018 08:28
Alexandre GIGLEUX
View Changes
Mar 21, 2018 20:51
Arthur Hicken
type in rule ID in risk section
View Page History
Outgoing Links
External Links (10)
https://www.safaribooksonline.com/library/view/secure-codin…
cwe.mitre.org/data/definitions/116.html
https://www.owasp.org/images/8/89/OWASP_Top_10_2007_for_JEE…
java.net
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
https://rules.sonarsource.com/java/RSPEC-2755
cwe.mitre.org/
https://rules.sonarsource.com/java/RSPEC-4435
https://www.owasp.org/index.php/Testing_for_XML_Injection_%…
internap.dl.sourceforge.net/sourceforge/owasp/OWASPGuide2.0…
SEI CERT C Coding Standard (2)
Home page:
SEI CERT C Coding Standard
Page:
STR02-C. Sanitize data passed to complex subsystems
SEI CERT Oracle Coding Standard for Java (11)
Page:
Fortify
Page:
The Checker Framework_V
Page:
SonarQube
Page:
Rule AA. References
Page:
SonarQube_V
Page:
Rule 00. Input Validation and Data Sanitization (IDS)
Page:
The Checker Framework
Home page:
SEI CERT Oracle Coding Standard for Java
Page:
Rule 01. Declarations and Initialization (DCL)
Page:
Rule BB. Glossary
Page:
IDS16-J. Prevent XML Injection
SEI CERT Perl Coding Standard (2)
Page:
IDS33-PL. Sanitize untrusted data passed across a trust boundary
Home page:
SEI CERT Perl Coding Standard
SEI CERT C++ Coding Standard (2)
Home page:
SEI CERT C++ Coding Standard
Page:
VOID STR02-CPP. Sanitize data passed to complex subsystems
Overview
Content Tools
{"serverDuration": 86, "requestCorrelationId": "c6f209499ac20e79"}
