\begin{enumerate}[label=5.\arabic*]
\item Verify that the runtime environment is not susceptible to buffer
overflows, or that security controls prevent buffer overflows.

% They skip 5.2
\addtocounter{enumi}{1}
\item Verify that server side input validation failures result in
request rejection and are logged.

% They skip 5.4
\addtocounter{enumi}{1}
\item Verify that input validation routines are enforced on the server
side.

\item\notapplicable{Verify that a single input validation control is used
by the application for each type of data that is accepted.}

% They skip 5.7-5.9
\addtocounter{enumi}{3}
\item Verify that all SQL queries, HQL, OSQL, NOSQL and stored
procedures, calling of stored procedures are protected by the
use of prepared statements or query parameterization, and
thus not susceptible to SQL injection.

\item Verify that the application is not susceptible to LDAP
Injection, or that security controls prevent LDAP Injection.

\item Verify that the application is not susceptible to OS Command
Injection, or that security controls prevent OS Command Injection.
\end{enumerate}