1.7. Criteria-based mapping of the guideline

Caution

This version is already obsolete. Please check the latest guideline.

Chapter 4 of this guideline is organized by functionality. This section maps the guideline from a point of view other than functionality, indicating which part of the guideline covers which type of content.

1.7.1. Mapping based on security measures

Using the OWASP Top 10 for 2013 as the axis, the table below links each item to the explanation of the related security functionality.

Sr. No.  Item Name                                      Corresponding Guideline
A1       Injection                                      SQL Injection (details on using bind variables as placeholders for query parameters)
A1       Injection                                      XXE (XML External Entity) Injection
A1       Injection                                      OS Command Injection
A1       Injection                                      Email Header Injection
A1       Injection                                      (shows how to validate input values)
A2       Broken Authentication and Session Management
A3       Cross-Site Scripting (XSS)
A4       Insecure Direct Object References              Directory Traversal
A5       Security Misconfiguration
A6       Sensitive Data Exposure
A7       Missing Function Level Access Control
A8       Cross-Site Request Forgery (CSRF)
A9       Using Components with Known Vulnerabilities    No mention in particular
A10      Unvalidated Redirects and Forwards             No mention in particular