Rules
| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable |
|---|
Guidelines
ENV00-J. Do not sign code that performs only unprivileged operations
ENV01-J. Place all privileged code in a single package and seal the package
ENV02-J. Create a secure sandbox using a Security Manager
ENV03-J. Never grant AllPermission to untrusted code
ENV04-J. Do not grant ReflectPermission with target suppressAccessChecks
ENV05-J. Do not grant RuntimePermission with target createClassLoader
ENV06-J. Provide a trusted environment and sanitize all inputs
ENV07-J. Do not deploy an application that can be accessed by the JVM Tool Interface
ENV09-J. Limit remote uses of JVM Monitoring and Managing
ENV10-J. Do not disable bytecode verification
Risk Assessment Summary
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
| ENV00-J | High | high Probable | probable No | medium No | P12 P6 | L1 L2 |
| ENV01-J | High | Probable high | probable No | medium No | P12 P6 | L1 L2 |
| ENV02-J | Low | high Likely | probable Yes | low No | P18 P6 | L1 L2 |
| ENV03-J | High | Likely high | likely No | low No | P27 P9 | L1 L2 |
| ENV04-J | High | high Likely | probable No | low No | P18 P9 | L1 L2 |
| ENV05-J | High | Probable high | probable No | low No | P18 P6 | L1 L2 |
| ENV06-J | high High | probable Probable | medium No | P12 No | L1 P6 | |
ENV07-J | low | unlikely | medium | P2 | L3 | |
ENV08-J | high | probable | medium | P12 | L1 | |
ENV09-J | high | probable | low | P18 | L1 | |
ENV10-J | high | likely | low | P27 | L1 | |
L2 |
...
00. Introduction The CERT Oracle Secure Coding Standard for Java