Skip to content

Commit

Permalink
Update 0x13-V5-Validation-Sanitization-Encoding.md
Browse files Browse the repository at this point in the history
  • Loading branch information
jmanico committed Aug 31, 2021
1 parent 7ce10df commit ad7cce3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion 4.0/en/0x13-V5-Validation-Sanitization-Encoding.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ Output encoding close or adjacent to the interpreter in use is critical to the s
| **5.3.3** | Verify that context-aware, preferably automated - or at worst, manual - output escaping protects against reflected, stored, and DOM based XSS. ([C4](https://owasp.org/www-project-proactive-controls/#div-numbering)) |||| 79 |
| **5.3.4** | Verify that data selection or database queries (e.g. SQL, HQL, ORM, NoSQL) use parameterized queries, ORMs, entity frameworks, or are otherwise protected from database injection attacks. ([C3](https://owasp.org/www-project-proactive-controls/#div-numbering)) |||| 89 |
| **5.3.5** | Verify that where parameterized or safer mechanisms are not present, context-specific output encoding is used to protect against injection attacks, such as the use of SQL escaping to protect against SQL injection. ([C3, C4](https://owasp.org/www-project-proactive-controls/#div-numbering)) |||| 89 |
| **5.3.6** | Verify that the application protects against JavaScript or JSON injection attacks, including for eval attacks, remote JavaScript includes, Content Security Policy (CSP) bypasses, DOM XSS, and JavaScript expression evaluation. ([C4](https://owasp.org/www-project-proactive-controls/#div-numbering)) |||| 830 |
| **5.3.6** | [DELETED]| | | | |
| **5.3.7** | Verify that the application protects against LDAP injection vulnerabilities, or that specific security controls to prevent LDAP injection have been implemented. ([C4](https://owasp.org/www-project-proactive-controls/#div-numbering)) |||| 90 |
| **5.3.8** | Verify that the application protects against OS command injection and that operating system calls use parameterized OS queries or use contextual command line output encoding. ([C4](https://owasp.org/www-project-proactive-controls/#div-numbering)) |||| 78 |
| **5.3.9** | Verify that the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks. |||| 829 |
Expand Down

0 comments on commit ad7cce3

Please sign in to comment.