Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Rules

Content by Label

showLabels	false
max	99
spaces	com.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
sort	title
showSpace	false
labels	+sec, +rule, -void
cql	label = "sec" and label = "rule" and label != "void" and space = currentSpace()

Risk Assessment Summary

Rule

Guidelines

SEC00-J. Follow the principle of least privilege

SEC01-J. Provide sensitive mutable classes with unmodifiable wrappers

SEC02-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code

SEC03-J. Do not use APIs that perform access checks against the immediate caller

SEC04-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

SEC01-J. Minimize accessibility of classes and their members

SEC06-J. Sign and seal sensitive objects before transit

SEC07-J. Do not grant untrusted code access to classes existing in forbidden packages

SEC08-J. Define custom security permissions for fine grained security

SEC09-J. Prefer using SSLSockets over Sockets for secure data exchange

SEC10-J. Call the superclass's getPermissions method when writing a custom class loader

SEC11-J. Do not allow unauthorized construction of classes in forbidden packages

SEC12-J. Declare classes that derive from a sensitive class or implement a sensitive interface final

SEC30-J. Define wrappers around native methods

SEC02-J. Guard doPrivileged blocks against untrusted invocations

SEC32-J. Create and sign a SignedObject before creating a SealedObject

SEC33-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code

SEC34-J. Do not allow tainted variables in doPrivileged blocks

SEC35-J. Do not base security checks on untrusted sources

SEC36-J. Enforce security checks in code that performs sensitive operations

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
SEC00-J	high Medium	probable Likely	high High	P6	L2
SEC01-J	medium High	probable Likely	high Low	P4 P27	L3 L1
SEC02-J	high High	probable Probable	medium Medium	P12	L1
SEC03-J	high High	probable Probable	medium Medium	P12	L1
SEC04-J	high High	probable Probable	medium Medium	P12	L1
SEC05-J	medium High	likely Probable	medium Medium	P12	L1
SEC06-J	medium High	likely Probable	medium Medium	P12	L1	SEC06- J	medium	probable	high	P4	L3
SEC07-J	high High	likely	high	P9	L2
SEC08- J	medium	probable	high	P4	L3
SEC09- J	medium	likely	high	P6	L2
Probable	Low	SEC10- J	high	probable	low	P18	L1
SEC11- J	high	likely	high	P9	L2
SEC12- J	medium	probable	low	P12	L1

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
SEC30- J	medium	probable	high	P4	L3
SEC31- J	medium	likely	high	P6	L2
SEC32- J	medium	likely	low	P18	L1
SEC33- J	high	probable	medium	P12	L1
SEC34- J	high	likely	low	P27	L1
SEC35- J	high	probable	medium	P12	L1
SEC36- J	high	probable	medium	P12	L1

...

Image Added Image Added Image Added ENV35-J. Provide a trusted environment and sanitize all inputs The CERT Sun Microsystems Secure Coding Standard for Java SEC00-J. Follow the principle of least privilege