This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Security JDI Pro-forma
Strapline
The strapline is a phrase or short sentence explaining what this JDI is good for and what it is not good for.
Description: a (short) paragraph
Note that the page title should summarise the exploit and the technology, e.g. XSS prevention for JSP.
Categories should also be placed here. They are formatted as [[Category:JDI]] and should include tags for the technologies - both the host technology and the solution technology - and the vulnerability addressed.
Status
| Status | Date | Comments |
|---|---|---|
| First Draft | contributed by ... | |
| Drafted | | |
| Reviewed | | |
| Tested | | |
Limitations
The intention of the security JDIs is to provide good solutions to real-life problems, rather than general solutions for every circumstance.
The solution presented here should be secure - that is, it should leave no obvious exploits - but it may not cater for every circumstance. For this reason it is critical to follow the DO's and DON'T's below, which define the limits of this particular solution.
Instructions
Get the code
should include hyperlinks to the code in binary and/or source form, and should list its dependencies
Build
should include a link to explicit build instructions, or an extract, whichever is best; this may not always be necessary
Install
should include a link to detailed instructions on installation, or an extract, covering the following:
- how to modify config files (code snippets)
- where to put config files
- where to install classes and executables
- how to update paths and to what (code snippets)
Insert initialisation hooks
code snippets, locations and instructions for initialising code
Active code
snippets and locations for the code which does the actual protection, e.g. inline validation or output encoding
Testing
Code snippets for testing protection
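As an added illustration of what filled-in "Active code" and "Testing" sections could look like for the example named above (XSS prevention for JSP), the following Java class encodes untrusted data for an HTML element body and checks itself with a few constructed inputs. This is not OWASP code or part of any existing JDI; the class name `HtmlEncoder`, the method `encodeForHtml` and the test cases are this example's own.

```java
// Added illustration for the "Active code" and "Testing" sections of a JDI on
// XSS prevention for JSP. Not OWASP code; names and test inputs are invented
// for this example.
import java.util.Map;

public final class HtmlEncoder {

    private HtmlEncoder() {}

    // Active code: encode untrusted data before it is written into an HTML
    // element body or a quoted attribute value. Every character that can
    // change HTML structure or terminate an attribute is replaced with a
    // character entity. Usage from a JSP would be, for example:
    //   <%= HtmlEncoder.encodeForHtml(request.getParameter("name")) %>
    // This encoder is NOT sufficient for JavaScript, URL or CSS contexts;
    // those need context-specific encoders (a DON'T for this solution).
    public static String encodeForHtml(String untrusted) {
        if (untrusted == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Testing: a self-check that runs without a test framework. The inputs
    // are constructed for this example (a script tag, an attribute breakout,
    // and harmless text that must pass through unchanged).
    public static void main(String[] args) {
        Map<String, String> cases = Map.of(
            "<script>alert(1)</script>",
                "&lt;script&gt;alert(1)&lt;&#x2F;script&gt;",
            "\" onmouseover=\"alert(1)",
                "&quot; onmouseover=&quot;alert(1)",
            "plain text",
                "plain text");
        for (Map.Entry<String, String> e : cases.entrySet()) {
            String got = encodeForHtml(e.getKey());
            if (!got.equals(e.getValue())) {
                throw new AssertionError(
                    "expected " + e.getValue() + " but got " + got);
            }
        }
        System.out.println("all " + cases.size() + " cases passed");
    }
}
```

The restriction stated in the comment (HTML body and quoted attribute values only) is exactly the kind of limit that belongs in the DO's and DON'T's section of the JDI, so a reader knows when this solution does not apply.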
DO's and DON'T's
This section defines the limits of this particular security solution. If it is not possible to follow the DO's and DON'T's, then a different solution is required and the reader is referred to the Further Information section below.
Do's
- Do X
- Do Y
Don't's
- A
- B
Further Information
Should include references and links, where available, to
- reference documentation on the products and libraries used
- the most relevant OWASP cheat sheet
- background material on the exploit(s) being defended against
First draft JDIs should include the {{Template:Stub}} markup