The system shall avoid the following vulnerabilities in every release/deployment:

  • Missing data encryption.
  • OS command injection.
  • SQL injection.
  • Buffer overflow.
  • Missing authentication for critical function.
  • Missing authorization.
  • Unrestricted upload of dangerous file types.
  • Reliance on untrusted inputs in a security decision.