1.7. Criteria based mapping of guideline¶

Caution

This version is already obsolete. Please check the latest guideline.

The chapter 4 of this guideline is structured functionality wise. This section shows a mapping from a point of view other than functionality. It indicates which part of guideline contains which type of content.

1.7.1. Mapping based on security measures¶

Using OWASP Top 10 for 2013 as an axis, links to explanation of functionalities related to security have been given

Sr. No.	Item Name	Corresponding Guideline
A1	Injection SQL Injection	Database Access (MyBatis3) Database Access (JPA) (Details about using bind variable at the time of placeholders for query parameters)
A1	Injection XXE(XML External Entity) Injection	Ajax
A1	Injection OS Command Injection	Input Validation
A1	Injection Email Header Injection	Email header injection countermeasures
A1	Injection	Input check validation for security (Shows how to validate input values)
A2	Broken Authentication and Session Management	Session Management Authentication
A3	Cross-Site Scripting (XSS)	XSS Countermeasures Coordinating with browser security countermeasure function
A4	Insecure Direct Object References Directory Traversal	Directory traversal attack
A5	Security Misconfiguration	Logging(Mention about message contents of log) Method to display system exception code on screen(Mention about message output at the time of system exception)
A6	Sensitive Data Exposure	Properties Management Encryption Password hashing
A7	Missing Function Level Access Control	Authorization
A8	Cross-Site Request Forgery (CSRF)	CSRF Countermeasures
A9	Using Components with Known Vulnerabilities	No mention in particular
A10	Unvalidated Redirects and Forwards	No mention in particular