OWASP Annotated Application Security Verification Standard
v5 Malicious input handling verification requirements

  • 5.1 Buffer overflows
  • 5.3 Rejects invalid input
  • 5.5 Input validation or encoding is performed and enforced on the server side.
  • 5.6 One input validation control per type of accepted data
  • 5.10 SQL Injection
  • 5.11 LDAP Injection
  • 5.12 OS Command Injection
  • 5.13 XXE
  • 5.14 XML Injection
  • 5.15 TODO
  • 5.16 HTML escaping
  • 5.17 Protected against malicious automatic binding
  • 5.18 Defends against HTTP parameter pollution attacks
  • 5.19 Output encoding/escaping has a single security control per type
  • 5.20 Structured data is strongly typed and validated with a schema
  • 5.21 Unstructured data is sanitized
  • 5.22 Untrusted HTML is sanitized
  • 5.23 Auto escaping technology always applies HTML sanitization
  • 5.24 DOM writes use safe JavaScript methods
  • 5.25 JSON is properly parsed by browser
  • 5.26 Data is cleared from client storage on session termination

© Copyright 2015, Boy Baukema. Revision 471fcb0a.
