OWASP Security JDI Pro-forma

Revision as of 10:24, 7 May 2013 by Edwin Aldridge (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


The strapline is a phrase or short sentence explaining what this JDI is good for and what it is not good for.

Description: a (short) paragraph

Note that the page title should summarise the exploit and tech e.g. XSS prevention for JSP

Categories are mandatory and should include tags for the technologies - both the host tech and the solution tech - and the vulnerability addressed.


Status Date Comments
First Draft contributed by ...


The intention of the security JDIs is to provide good solutions to real-life problems, rather than to provide general solutions for every circumstance.

The solution presented here should be secure - that is should leave no obvious exploits - however it may not cater for every circumstance. For this reason it is critical to follow the DO's and DON'T's below which define the limits of this particular solution.


Get the code

should include hyper links to code in binary and or source form should include dependencies


should include a link to explicit build instructions, or an extract, whichever is best may not always be necessary##


should include a link to detailed instructions on installation, or an extract, covering the following:

  1. how to modify config files (code snippets)
  2. where to put config files
  3. where to install classes and executables
  4. how to update paths and to what (code snippets)

Insert initialisation hooks

code snippets, locations and instructions for initialising code

Active code

snippets and locations for code which does the actual protection e.g. inline validation


Code snippets for testing protection

DO's and DON'T's

This section defines the limits of this particular security solution. If it is not possible to follow the DO's and DON'T's, then a different solution is required and the reader is referred to the Further Information section below.


  1. do X
  2. Do y


  1. A
  2. B

Further Information

Should include references and links, where available, to

  1. reference documentation on and products used
  2. the most relevant OWASP cheat sheet
  3. background material on the exploit(s) being defended against

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.