OWASP Security JDI Pro-forma

From OWASP
Jump to: navigation, search

Contents

Strapline

The strapline is a phrase or short sentence explaining what this JDI is good for and what it is not good for.

Description: a (short) paragraph

Note that the page title should summarise the exploit and tech e.g. XSS prevention for JSP

Categories should also be placed here. They are formatted as
[[Category:JDI]]
and should include tags for the technologies - both the host tech and the solution tech - and the vulnerability addressed.

Status

Status Date Comments
First Draft contributed by ...
Drafted
Reviewed
Tested

Limitations

The intention of the security JDIs is to provide good solutions to real-life problems, rather than to provide general solutions for every circumstance.

The solution presented here should be secure - that is should leave no obvious exploits - however it may not cater for every circumstance. For this reason it is critical to follow the DO's and DON'T's below which define the limits of this particular solution.

Instructions

Get the code

should include hyper links to code in binary and or source form should include dependencies

Build

should include a link to explicit build instructions, or an extract, whichever is best may not always be necessary##

Install

should include a link to detailed instructions on installation, or an extract, covering the following:

  1. how to modify config files (code snippets)
  2. where to put config files
  3. where to install classes and executables
  4. how to update paths and to what (code snippets)

Insert initialisation hooks

code snippets, locations and instructions for initialising code

Active code

snippets and locations for code which does the actual protection e.g. inline validation

Testing

Code snippets for testing protection

DO's and DON'T's

This section defines the limits of this particular security solution. If it is not possible to follow the DO's and DON'T's, then a different solution is required and the reader is referred to the Further Information section below.

Do's

  1. do X
  2. Do y

Don't's

  1. A
  2. B

Further Information

Should include references and links, where available, to

  1. reference documentation on and products used
  2. the most relevant OWASP cheat sheet
  3. background material on the exploit(s) being defended against


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.