Recommendations
ENV00-J. Do not sign code that performs only unprivileged operations
ENV01-J. Be aware of the JVM Tool Interface
ENV02-J. Be aware of the Java Platform Debugger Architecture
ENV03-J. Limit remote uses of JVM Monitoring and Managing
Rules
ENV30-J. Create a secure sandbox using a Security Manager
ENV31-J. Never grant AllPermission to untrusted code
ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks
ENV33-J. Do not grant RuntimePermission with target createClassLoader
ENV34-J. Do not disable bytecode verification
ENV35-J. Provide a trusted environment and sanitize all inputs
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
...
The CERT Sun Microsystems Secure Coding Standard for Java
...