v5 Malicious input handling verification requirements
- 5.1 Buffer overflows
- 5.3 Rejects invalid input
- 5.5 Input validation or encoding is performed and enforced on the server side.
- 5.6 One input validation control per type of accepted data
- 5.10 SQL Injection
- 5.11 LDAP Injection
- 5.12 OS Command Injection
- 5.13 XXE
- 5.14 XML Injection
- 5.15 TODO
- 5.16 HTML escaping
- 5.17 Protected against malicious automatic binding
- 5.18 Defends against HTTP parameter pollution attacks
- 5.19 Output encoding/escaping has a single security control per type
- 5.20 Structured data is strongly typed and validated with a schema
- 5.21 Unstructured data is sanitized
- 5.22 Untrusted HTML is sanitized
- 5.23 Auto escaping technology always applies HTML sanitization
- 5.24 DOM writes use safe JavaScript methods
- 5.25 JSON is properly parsed by browser
- 5.26 Data is cleared from client storage on session termination