From d383fc5d1e9f04bd0f9cdbb5066d26c908194455 Mon Sep 17 00:00:00 2001 From: Andrew van der Stock Date: Tue, 26 Feb 2019 10:42:35 +0000 Subject: [PATCH] Resolve #581 --- 4.0/en/0x13-V5-Validation-Sanitization-Encoding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md b/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md index d3fce1e441..a2cafd77ba 100644 --- a/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md +++ b/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md @@ -59,7 +59,7 @@ Many of these items are not directly penetration testable (L1), and so although Note that using parameterized queries or escaping SQL is not always sufficient; table and column names, ORDER BY and so on, cannot be escaped. The inclusion of escaped user-supplied data in these fields results in failed queries or SQL injection. -## 5.4 Unmanaged Code Requirements +## 5.4 Memory, String, and Unmanaged Code Requirements The following requirements will only apply when the application uses a systems language or unmanaged code.