OWASP Annotated Application Security Verification Standard

5.3 Output encoding and Injection Prevention Requirements

Browse by item:

  • 5.3.1 Output encoding is relevant for the interpreter and context required
  • 5.3.2 Output encoding preserves the user’s chosen character set and locale
  • 5.3.3 Context-aware output escaping protects against reflected, stored, and DOM based XSS
  • 5.3.4 Data selection or database queries are protected against database injection attacks
  • 5.3.5 Context-specific output encoding is used where parameterized or safer mechanisms are not present
  • 5.3.6 The application protects against JavaScript or JSON injection attacks
  • 5.3.7 The application protects against LDAP injection vulnerabilities
  • 5.3.8 The application protects against OS command injection
  • 5.3.9 The application protects against Local File Inclusion (LFI)
  • 5.3.10 The application protects against XPath injection or XML injection attacks

© Copyright 2019 Wessel van der Linden Revision 63d1bede.
