Recommendations
MSC00-J. Eliminate class initialization cycles
MSC02-J. Be aware of the JVM Tool Interface
MSC03-J. Be aware of the Java Platform Debugger Architecture
MSC04-J. Be aware of JVM Monitoring and Managing
MSC05-J. Make sensitive classes noncloneable
MSC06-J. Avoid cyclic dependencies between packages
MSC07-J. Prefer using URIs to URLs
MSC08-J. Prefer using Iterators over Enumerations
MSC09-J. Avoid flaws in interfaces
MSC10-J. Use bounded wildcards properly for generic classes
Rules
MSC30-J. Generate truly random numbers
MSC31-J. Never hardcode sensitive information
MSC32-J. Treat the environment as untrusted and sanitize all inputs
MSC33-J. Prevent OS Command Injection
MSC34-J. Prevent against SQL Injection
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC00-J | low | unlikely | medium | P2 | L3 |
| MSC01-J | low | unlikely | high | P1 | L3 |
| MSC02-J | low | unlikely | medium | P2 | L3 |
| MSC03-J | medium | probable | medium | P8 | L2 |
| MSC04-J | high | probable | low | P18 | L1 |
| MSC05-J | medium | probable | medium | P18 | L1 |
| MSC06-J | TODO | TODO | TODO | TODO | TODO |
| MSC07-J | medium | unlikely | medium | P4 | L3 |
| MSC08-J | low | unlikely | medium | P2 | L3 |
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC30-J | medium | unlikely | medium | P4 | L3 |