3 Validation
- Secure Transformation of Data (SSL)
A two-way SSL is used when the server needs to authenticate the client. In a two-way SSL connection the client verifies the identity of the server and then passes its identity certificate to the server. The server then validates the client's identity certificate before completing the SSL handshake.
- Sign-On Messages
The table below shows the general Sign-On messages that are displayed to the user on an invalid authentication attempt.
- CSRF Token Validation
- Cross-Site Scripting (XSS)
OJET takes care of it.
- Clickjacking/Frame-bursting
OJET takes care of it.
- CACHE Control in Servlet and JSP
- SECURE RANDOM INSTEAD OF RANDOM
The application uses the SecureRandom class to generate random numbers wherever required.
- Injection
Injection flaws occur when an application sends untrusted data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. They are often found in SQL, LDAP, or XPath queries; OS commands; XML parsers; SMTP headers; program arguments, etc. Injection flaws are easy to discover when examining code.
- Field Validations
Field-level validations exist for all mandatory fields. The database also enforces limits on the type and length of data. Blacklisted characters are not allowed in mandatory fields. Nevertheless, Oracle Banking Trade Finance Process Management has free-text fields, which accept all data entered by the user as a String.
- Restriction on Blacklist characters
- Unhandled Exception
Virtual Pages takes care of it at application level.
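Putting the CSRF Token Validation, CACHE Control in Servlet and JSP, and SECURE RANDOM items above together in one servlet filter, as an added example that is not the product's own code: it assumes the Servlet API 4.0 or later (so init/destroy need no override), and the session attribute, header and form parameter names are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter, not part of the product: map it to the authenticated URLs.
// The session attribute, header and form parameter names are assumptions.
public class CsrfAndCacheFilter implements Filter {
    private static final SecureRandom RNG = new SecureRandom(); // not java.util.Random
    static final String TOKEN_ATTR = "csrfToken";      // assumed session attribute
    static final String TOKEN_HEADER = "X-CSRF-Token"; // assumed request header
    static final String TOKEN_PARAM = "_csrf";         // assumed hidden form field
    // 256-bit token from a CSPRNG, URL-safe so it can travel in a header or a form.
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }
    // Constant-time comparison so a mismatch does not leak timing information.
    static boolean tokensMatch(String expected, String actual) {
        if (expected == null || actual == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Cache control: authenticated pages must not be stored by browsers or proxies.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        // One token per session, issued on first use and echoed back by the client.
        HttpSession session = request.getSession(true);
        String token = (String) session.getAttribute(TOKEN_ATTR);
        if (token == null) { token = newToken(); session.setAttribute(TOKEN_ATTR, token); }
        // Safe methods pass; state-changing methods must present the session token.
        String m = request.getMethod();
        boolean safe = "GET".equals(m) || "HEAD".equals(m) || "OPTIONS".equals(m);
        String sent = request.getHeader(TOKEN_HEADER);
        if (sent == null) sent = request.getParameter(TOKEN_PARAM);
        if (!safe && !tokensMatch(token, sent)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid CSRF token");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The token must be rendered into each form (or exposed to the client script) from the session attribute; a filter alone only enforces its presence.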