Rules
| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable |
|---|
Recommendations
ENV00-J. Do not sign code that performs only unprivileged operations
ENV01-J. Do not deploy an application that can be accessed by the JVM Tool Interface
ENV03-J. Limit remote uses of JVM Monitoring and Managing
Rules
ENV30-J. Create a secure sandbox using a Security Manager
ENV31-J. Never grant AllPermission to untrusted code
ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks
ENV33-J. Do not grant RuntimePermission with target createClassLoader
ENV34-J. Do not disable bytecode verification
ENV35-J. Provide a trusted environment and sanitize all inputs
Risk Assessment Summary
Recommendations
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
| ENV00-J | High | Probable high | probable No | medium No | P12 P6 | L1 L2 |
| ENV01-J | High | low Probable | unlikely No | medium No | P2 P6 | L3 L2 |
| ENV02-J | Low | medium Likely | probable Yes | medium No | P8 P6 | L2 |
| ENV03-J | high High | probable Likely | low No | P18 No | L1 P9 |
Rules
L2 | |||||
| ENV04 | |||||
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV30-J | high High | probable Likely | low No | P18 No | L1 P9 |
ENV31- J | high | likely | low | P27 | L1 |
L2 | |||||
| ENV05 ENV32-J | high High | probable Probable | low No | P18 No | L1 P6 |
ENV33- J | high | probable | low | P18 | L1 |
L2 | |||||
| ENV06 ENV34-J | high High | likely Probable | low No | P27 No | L1 P6 |
ENV35- J | high | probable | medium | P12 | L1 |
L2 |
...
The CERT Sun Microsystems Secure Coding Standard for Java The CERT Sun Microsystems Secure Coding Standard for Java