hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update links to OWASP cheat sheet

Browse Source
This commit is contained in:
Sauyon Lee
2019-11-06 05:42:59 -08:00
parent 2bcd418c23
commit 0040c9fb4c
36 changed files with 48 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-079/XSS.qhelp
View File

@@ -29,7 +29,7 @@ leaving the website vulnerable to cross-site scripting.</p>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
(Cross Site Scripting) Prevention Cheat Sheet</a>.
</li>
<li>

2
java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
View File

@@ -67,7 +67,7 @@ in the environment variable or user-supplied value are not given any special tre
<li>
OWASP:
<a href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">SQL
<a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
Injection Prevention Cheat Sheet</a>.
</li>
<li>The CERT Oracle Secure Coding Standard for Java:

2
java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
View File

@@ -39,7 +39,7 @@ treatment.</p>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">SQL
<a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
Injection Prevention Cheat Sheet</a>.
</li>
<li>The CERT Oracle Secure Coding Standard for Java:

2
java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
View File

@@ -37,7 +37,7 @@ connection is a secure SSL connection.</p>
Class HttpsURLConnection</a>.</li>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
</li>

2
java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
View File

@@ -38,7 +38,7 @@ Class HttpsURLConnection</a>.</li>
Class SSLSocket</a>.</li>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
</li>

2
java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
View File

@@ -33,7 +33,7 @@ uses explicit SSL factories, which are preferable.</p>
Class SSLSocketFactory</a>.</li>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
</li>

2
java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.qhelp
View File

@@ -58,7 +58,7 @@ OWASP vulnerability description:
</li>
<li>
OWASP guidance on deserializing objects:
<a href="https://www.owasp.org/index.php/Deserialization_Cheat_Sheet">Deserialization Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html">Deserialization Cheat Sheet</a>.
</li>
<li>
Talks by Chris Frohoff &amp; Gabriel Lawrence:

2
java/ql/src/Security/CWE/CWE-611/XXE.qhelp
View File

@@ -52,7 +52,7 @@ OWASP vulnerability description:
</li>
<li>
OWASP guidance on parsing xml files:
<a href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Java">XXE Prevention Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">XXE Prevention Cheat Sheet</a>.
</li>
<li>
Paper by Timothy Morgen: