OWASP Security JDI Pro-forma
The strapline is a phrase or short sentence explaining what this JDI is good for and what it is not good for.
Description: a (short) paragraph
Note that the page title should summarise the exploit and the technology, e.g. XSS prevention for JSP.
Categories are mandatory and should include tags for the technologies (both the host technology and the solution technology) and for the vulnerability addressed.
First Draft - contributed by ...
The intention of the security JDIs is to provide good solutions to real-life problems, rather than to provide general solutions for every circumstance.
The solution presented here should be secure, that is, it should leave no obvious exploits; however, it may not cater for every circumstance. For this reason it is critical to follow the DO's and DON'T's below, which define the limits of this particular solution.
Get the code
Should include hyperlinks to the code in binary and/or source form, and should list its dependencies.
Should include a link to explicit build instructions, or an extract, whichever is best (may not always be necessary).
Should include a link to detailed installation instructions, or an extract, covering the following:
- how to modify config files (code snippets)
- where to put config files
- where to install classes and executables
- how to update paths and to what (code snippets)
Insert initialisation hooks
Code snippets, locations and instructions for initialising the code.
Snippets and locations for the code which does the actual protection, e.g. inline validation.
Code snippets for testing that the protection works.
DO's and DON'T's
This section defines the limits of this particular security solution. If it is not possible to follow the DO's and DON'T's, then a different solution is required and the reader is referred to the Further Information section below.
- Do X
- Do Y
Further Information
Should include references and links, where available, to:
- reference documentation on the products used
- the most relevant OWASP cheat sheet
- background material on the exploit(s) being defended against