1. [Mandatory] User-owned pages or functions must be authorized.

Note: Prevent the access and manipulation of other people’s data without authorization check, e.g. view or modify other people’s orders.

2. [Mandatory] Direct display of user sensitive data is not allowed. Displayed data must be desensitized.

Note: Personal phone number should be displayed as: 158****9119. The middle 4 digits are hidden to prevent privacy leaks.

3. [Mandatory] SQL parameter entered by users should be checked carefully or limited by METADATA, to prevent SQL injection. Database access by string concatenation SQL is forbidden.

4. [Mandatory] Any parameters input by users must go through validation check.

Note: Ignoring parameter check may cause:

  • memory leak because of excessive page size
  • slow database query because of malicious order by
  • arbitrary redirection
  • SQL injection
  • deserialize injection
  • ReDoS

Note: In Java regular expressions is used to validate client input. Some regular expressions can validate common user input without any problem, but it could lead to a dead cycle if the attacker uses a specially constructed string to verify.

5. [Mandatory] It is forbidden to output user data to HTML page without security filtering or proper escaping.

6. [Mandatory] Form and AJAX submission must be filtered by CSRF security check.

Note: CSRF (Cross-site Request Forgery) is a kind of common programming flaw. For applications/websites with CSRF leaks, attackers can construct URL in advance and modify the user parameters in database as long as the victim user visits without notice.

7. [Mandatory] It is necessary to use the correct anti-replay restrictions, such as number restriction, fatigue control, verification code checking, to avoid abusing of platform resources, such as text messages, e-mail, telephone, order, payment.

Note: For example, if there is no limitation to the times and frequency when sending verification codes to mobile phones, users might be bothered and SMS platform resources might be wasted.

8. [Recommended] In scenarios when users generate content (e.g., posting, comment, instant messages), anti-scam word filtering and other risk control strategies must be applied.