Fix makefile and do 5.1A
\begin{enumerate}[label={5.\arabic*}]
\item Verify that the runtime environment is not susceptible to buffer
overflows, or that security controls prevent buffer overflows.

According to \emph{OWASP}'s statement\footnote{\url{%
https://www.owasp.org/index.php/Buffer_Overflows\#Platforms_Affected}},
\PHP{} is not susceptible to buffer overflows as long as no external
programs or extensions are used, which is not the case here.
% They skip 5.2
\addtocounter{enumi}{1}
\item Verify that server side input validation failures result in
request rejection and are logged.

% They skip 5.4
\addtocounter{enumi}{1}
\item Verify that input validation routines are enforced on the server
side.

\item\notapplicable{Verify that a single input validation control is used
by the application for each type of data that is accepted.}

% They skip 5.7-5.9
\addtocounter{enumi}{3}
\item Verify that all SQL queries, HQL, OSQL, NOSQL and stored
procedures, calling of stored procedures are protected by the
use of prepared statements or query parameterization, and
thus not susceptible to SQL injection.

\item Verify that the application is not susceptible to LDAP
Injection, or that security controls prevent LDAP Injection.

\item Verify that the application is not susceptible to OS Command
Injection, or that security controls prevent OS Command Injection.
\end{enumerate}