...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="623b3681-9ded-4b7e-bc2c-59fd21e3af9c"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 502 | http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 499 "Serializable Class Containing Sensitive Data" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup |
...
" ac:schema-version="1" ac:macro-id="d754c666-a14b-4126-99dc-d9087b4dea8b"><ac:plain-text-body><![CDATA[ | [[Bloch |
...
2005 |
...
AA. |
...
Bibliography#Bloch |
...
05] |
...
] |
...
Puzzle |
...
83: |
...
Dyslexic |
...
Monotheism | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bf27f3f8-dce7-44db-ba4b-ecf49b889e13"><ac:plain-text-body><![CDATA[ | [[Bloch 2001 | AA. Bibliography#Bloch 01]] | Item 1: Enforce the singleton property with a private constructor | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5b89ed97-d686-499a-b6c2-2f53d95bfaa5"><ac:plain-text-body><![CDATA[ | [[Greanier 2000 | AA. Bibliography#Greanier 00]] | [Discover the secrets of the Java Serialization API | http://java.sun.com/developer/technicalArticles/Programming/serialization/ |
...
] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0ba90e65-ea62-4f5a-bcb9-f6dd9831d85c"><ac:plain-text-body><![CDATA[ | [[Harold |
...
1999 |
...
AA. |
...
Bibliography#Harold |
...
99]] |
...
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e6ff470e-37c5-47f6-9f3f-921deff4afa1"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [Transient modifier | http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020 |
...
] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d87b6330-33fc-432e-b197-cc96f53fcb1a"><ac:plain-text-body><![CDATA[ | [[Long |
...
2005 |
...
AA. |
...
Bibliography#Long |
...
05] |
...
] |
...
Section |
...
2.4, |
...
Serialization | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5635cdcb-7415-47d4-96ac-4ad065937579"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 5-1 Guard sensitive data during serialization | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7afb7251-f05f-4f23-8518-486aea90f5c8"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification: A.4 Preventing Serialization of Sensitive Data" | ]]></ac:plain-text-body></ac:structured-macro> |
...
SER02-J. Sign and seal sensitive objects before sending them outside a trust boundary 16. Serialization (SER) SER05-J. Do not allow serialization and deserialization to bypass the Security Manager