Remediation Guidance
Fixes
Providing clear remediation guidance is essential when reporting vulnerabilities. This guide covers secure coding patterns for common vulnerability classes.
Quick Remediation Reference
| Vulnerability | Fix |
|---|---|
| SQL Injection | Parameterized queries, ORM |
| XSS | Output encoding, CSP headers |
| Command Injection | Avoid shell, use argument arrays |
| Path Traversal | Validate paths, use allowlists |
| Deserialization | Use JSON, avoid native serialization |
| SSRF | URL allowlist, block internal IPs |
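As an added example (not code from the original guide), the Path Traversal row worked out in Python: resolve the requested path against a base directory, confirm it still lies inside that directory, then apply an extension allowlist. The directory layout and the `.txt`/`.pdf` allowlist are constructed for the demo.

```python
import os
import tempfile
from typing import Dict, Optional

# Extension allowlist: an assumption for this demo, not a value from the guide.
ALLOWED_SUFFIXES = (".txt", ".pdf")


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Return the resolved path if it lies inside base_dir and passes the allowlist.

    realpath() collapses '..' and follows symlinks, so the check runs on the path
    the OS would actually open. commonpath() is used rather than startswith() so a
    sibling such as '/srv/files_secret' does not pass as inside '/srv/files'.
    """
    base = os.path.realpath(base_dir)
    if os.path.isabs(user_path):          # join() would discard base for absolute input
        return None
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:                    # e.g. different drives on Windows
        return None
    if not candidate.lower().endswith(ALLOWED_SUFFIXES):
        return None
    return candidate


def demo() -> Dict[str, Optional[str]]:
    """Constructed layout: <root>/files/ok.txt, <root>/etc_passwd, <root>/files_secret/x.txt."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "files")
    os.makedirs(os.path.join(root, "files_secret"))
    os.makedirs(base)
    for rel in ("files/ok.txt", "etc_passwd", "files_secret/x.txt"):
        open(os.path.join(root, rel), "w").close()
    return {
        "ok.txt": safe_join(base, "ok.txt"),                                # allowed
        "../etc_passwd": safe_join(base, "../etc_passwd"),                  # escapes base
        "../files_secret/x.txt": safe_join(base, "../files_secret/x.txt"),  # sibling-dir trap
        "absolute": safe_join(base, os.path.join(base, "ok.txt")),          # absolute input
        "ok.sh": safe_join(base, "ok.sh"),                                  # not on allowlist
    }


if __name__ == "__main__":
    for request, resolved in demo().items():
        print(f"{request!r:26} -> {resolved or 'REJECTED'}")
```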
Security Libraries
Input validation:

- OWASP ESAPI
- Apache Commons Validator
- Joi (JavaScript)
- Pydantic (Python)

Output encoding:

- OWASP Java Encoder
- DOMPurify (JavaScript)
- bleach (Python)

Cryptography:

- Bouncy Castle (Java)
- cryptography (Python)
- crypto (Node.js built-in)

Security headers (Express.js):

```javascript
const express = require('express');
const helmet = require('helmet');

const app = express();
// Register helmet before any routes so every response carries the headers.
app.use(helmet());
```

Security headers (Django):

```python
# settings.py
SECURE_CONTENT_TYPE_NOSNIFF = True
# Deprecated in Django 3.0 and removed in 4.0; modern browsers ignore X-XSS-Protection.
SECURE_BROWSER_XSS_FILTER = True
X_FRAME_OPTIONS = 'DENY'
```