SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 17

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 18

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Recommendations

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Do not deploy an application that can be accessed by the JVM Tool Interface

ENV02-J. Do not deploy an application that can be accessed by the Java Platform Debugger Architecture

ENV03-J. Limit remote uses of JVM Monitoring and Managing

ENV04-J. Place all privileged code in a single package and seal the package

Rules

ENV30-J. Create a secure sandbox using a Security Manager

ENV31-J. Never grant AllPermission to untrusted code

ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV33-J. Do not grant RuntimePermission with target createClassLoader

ENV34-J. Do not disable bytecode verification

ENV35-J. Provide a trusted environment and sanitize all inputs

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ENV00- J

high

probable

medium

P12

L1

ENV01- J

low

unlikely

medium

P2

L3

ENV02- J

medium

probable

medium

P8

L2

ENV03- J

high

probable

low

P18

L1

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ENV30- J

high

probable

low

P18

L1

ENV31- J

high

likely

low

P27

L1

ENV32- J

high

probable

low

P18

L1

ENV33- J

high

probable

low

P18

L1

ENV34- J

high

likely

low

P27

L1

ENV35- J

high

probable

medium

P12

L1

The CERT Sun Microsystems Secure Coding Standard for Java      The CERT Sun Microsystems Secure Coding Standard for Java