+\begin{enumerate}[label=5.\arabic*]
+ \item Verify that the runtime environment is not susceptible to buffer
+ overflows, or that security controls prevent buffer overflows.
+
+ % They skip 5.2
+ \addtocounter{enumi}{1}
+ \item Verify that server side input validation failures result in
+ request rejection and are logged.
+
+ % They skip 5.4
+ \addtocounter{enumi}{1}
+ \item Verify that input validation routines are enforced on the server
+ side.
+
+ \item\notapplicable{Verify that a single input validation control is used
+ by the application for each type of data that is accepted.}
+
+ % They skip 5.7-5.9
+ \addtocounter{enumi}{3}
+ \item Verify that all SQL queries, HQL, OSQL, NOSQL and stored
+ procedures, calling of stored procedures are protected by the
+ use of prepared statements or query parameterization, and
+ thus not susceptible to SQL injection.
+
+ \item Verify that the application is not susceptible to LDAP
+ Injection, or that security controls prevent LDAP Injection.
+
+ \item Verify that the application is not susceptible to OS Command
+ Injection, or that security controls prevent OS Command Injection.
+\end{enumerate}
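Review bot: the \notapplicable wrapper on item 5.6 is given no rationale, so a reader of the rendered checklist cannot tell why a single input validation control per data type was ruled out of scope; add a short justification beside it or in a comment. Separately, the item numbers depend on the three \addtocounter{enumi}{...} offsets staying in step with their "They skip ..." comments. As written they yield 5.1, 5.3, 5.5, 5.6, 5.10, 5.11 and 5.12, but adding or removing an item later silently renumbers everything after it. Consider explicit labels such as \item[5.10], or at least a comment naming the version of the standard the numbers are taken from.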