Difference between revisions of "OWASP Security JDI Pro-forma"

(One intermediate revision by the same user not shown)

Line 10 (unchanged context): == Status ==
Line 10, earlier revision: {| class="wikitable sortable"
Line 10, latest revision: {| class="wikitable"
Line 89, added in latest revision: <pre>First draft JDIs should include the {{Template:Stub}} markup</pre>

Latest revision as of 12:12, 7 May 2013


The strapline is a phrase or short sentence explaining what this JDI is good for and what it is not good for.

Description: a (short) paragraph

Note that the page title should summarise the exploit and the technology, e.g. "XSS prevention for JSP".

Categories should also be placed here. They are formatted as
and should include tags for the technologies - both the host tech and the solution tech - and the vulnerability addressed.


{| class="wikitable"
! Status !! Date !! Comments
|-
| First Draft || || contributed by ...
|}


The intention of the security JDIs is to provide good solutions to real-life problems, rather than to provide general solutions for every circumstance.

The solution presented here should be secure - that is, it should leave no obvious exploits - however it may not cater for every circumstance. For this reason it is critical to follow the DO's and DON'T's below, which define the limits of this particular solution.


Get the code

should include hyperlinks to the code in binary and/or source form, and should list its dependencies


should include a link to explicit build instructions, or an extract, whichever is best; this may not always be necessary


should include a link to detailed instructions on installation, or an extract, covering the following:

  1. how to modify config files (code snippets)
  2. where to put config files
  3. where to install classes and executables
  4. how to update paths and to what (code snippets)

Insert initialisation hooks

code snippets, locations and instructions for initialising code

Active code

snippets and locations for code which does the actual protection e.g. inline validation


Code snippets for testing protection

DO's and DON'T's

This section defines the limits of this particular security solution. If it is not possible to follow the DO's and DON'T's, then a different solution is required and the reader is referred to the Further Information section below.


  1. Do X
  2. Do Y


  1. A
  2. B

Further Information

Should include references and links, where available, to

  1. reference documentation on the technologies and products used
  2. the most relevant OWASP cheat sheet
  3. background material on the exploit(s) being defended against

First draft JDIs should include the {{Template:Stub}} markup