...
SEC02-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code
SEC03-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code
SEC04-J. Do not allow tainted parameters while using APIs that perform access checks against the immediate caller
SEC06SEC05-J. Assume that all Java clients can be reverse engineered, monitored, and modified
SEC07-J. Minimize accessibility of classes and their members
SEC08SEC06-J. Sign and seal sensitive objects before transit
SEC09SEC07-J. Create and sign a SignedObject before creating a SealedObject
SEC10-J. Do not allow the unauthorized construction of sensitive classes
SEC11SEC08-J. Define custom security permissions for fine-grained security
SEC12SEC09-J. Prefer using SSLSockets over Sockets for secure data exchange
Rules
SEC30-J. Reserved (moved to ENV30-J)
SEC31-J. Reserved (moved to ENV31-J)
SEC32-J. Reserved (moved to ENV32-J)
SEC33-J. Define wrappers around native methods
SEC34SEC31-J. Reserved (moved to ENV33-J)
SEC35-J. Reserved (moved to ENV34-J)
Guard doPrivileged blocks against untrusted invocations
SEC32-J. Create and sign a SignedObject before creating a SealedObject
SEC33-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code
SEC36-J. Guard doPrivileged blocks against untrusted invocations
Risk Assessment Summary
Recommendations
...