...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="427bbf9a50798cdd-53c502d5-4bc74bfd-8e0fb725-a18141fc2df22ef271db9f97"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 502 | http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 499 "Serializable Class Containing Sensitive Data" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e5563af4d3b28375-737c93a2-4b5648bc-afbeb3d1-559d40f4f8a79fb16c19e51e"><ac:plain-text-body><![CDATA[ | [[Bloch 2005 | AA. Bibliography#Bloch 05]] | Puzzle 83: Dyslexic Monotheism | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="875cfe9fd6256fcc-851d115e-4991455b-829e9a18-d8f0d592602935193995c755"><ac:plain-text-body><![CDATA[ | [[Bloch 2001 | AA. Bibliography#Bloch 01]] | Item 1: Enforce the singleton property with a private constructor | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="09f9daef53926bec-4805f493-45ff49ed-babeb67b-ee53265bc7913be7c58acb2f"><ac:plain-text-body><![CDATA[ | [[Greanier 2000 | AA. Bibliography#Greanier 00]] | [Discover the secrets of the Java Serialization API | http://java.sun.com/developer/technicalArticles/Programming/serialization/] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fda5f4b080ef8951-78b57e81-4fe54e96-b2fbbb35-8b8b43157faeffc9091545c1"><ac:plain-text-body><![CDATA[ | [[Harold 1999 | AA. Bibliography#Harold 99]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bc87a3b3b98d7fe0-25c48c58-4cf44cb2-97eab5f8-8fbdd97baae69469513f2a95"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [Transient modifier | http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="91cbfe62f9c5b045-6f0d5eac-4ada4cbe-82f3b745-aa1bc9c6768b4e926f1fe76d"><ac:plain-text-body><![CDATA[ | [[Long 2005 | AA. Bibliography#Long 05]] | Section 2.4, Serialization | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="69930c7ac81df869-14aea22e-4353406b-bbfc99dd-3bdaa5784b5a8699739fcb88"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 5-1 Guard sensitive data during serialization | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8ca61635964e45f3-d0ff33fe-48bb4a8d-bc07a513-45146795159a0ba91e706f80"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification: A.4 Preventing Serialization of Sensitive Data" | ]]></ac:plain-text-body></ac:structured-macro> |
...
SER02-J. Sign and seal sensitive objects before sending them outside a trust boundary 16. Serialization (SER) SER05-J. Do not allow serialization and deserialization to bypass the Security Manager