Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Guidelines

SEC00-J. Follow the principle of least privilege

SEC01-J. Provide sensitive mutable classes with unmodifiable wrappers

SEC05-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code

SEC06-J. Do not use APIs that perform access checks against the immediate caller

SEC04-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

SEC01-J. Minimize accessibility of classes and their members

SEC06-J. Sign and seal sensitive objects before transit

SEC07-J. Do not grant untrusted code access to classes existing in forbidden packages

SEC10-J. Define custom security permissions for fine grained security

SEC09-J. Prefer using SSLSockets over Sockets for secure data exchange

SEC10-J. Call the superclass's getPermissions method when writing a custom class loader

SEC11-J. Do not allow unauthorized construction of classes in forbidden packages

SEC07-J. Declare classes that derive from a sensitive class or implement a sensitive interface final

SEC30-J. Define wrappers around native methods

SEC02-J. Guard doPrivileged blocks against untrusted invocations

SEC32-J. Create and sign a SignedObject before creating a SealedObject

SEC04-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code

SEC03-J. Do not allow tainted variables in doPrivileged blocks

SEC09-J. Do not base security checks on untrusted sources

SEC08-J. Enforce security checks in code that performs sensitive operations

Risk Assessment Summary

Recommendations

...

Recommendation

Rules

Content by Label
showLabelsfalse
max99
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
sorttitle
showSpacefalse
labels+sec, +rule, -void
cqllabel = "sec" and label = "rule" and label != "void" and space = currentSpace()

Risk Assessment Summary

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC00-J high Medium probable Likely high High

P6

L2

SEC01-J medium High probable Likely high Low

P4 P27

L3 L1

SEC02-J high High probable Probable medium Medium

P12

L1

SEC03-J high High probable Probable medium Medium

P12

L1

SEC04-J high High probable Probable medium Medium

P12

L1

SEC05-J medium High likely Probable medium Medium

P12

L1

SEC06-J medium High likely Probable medium Medium

P12

L1

SEC06- J

medium

probable

high

P4

L3

SEC07-J high High likely Probable

high

P9

L2

SEC08- J

medium

probable

high

P4

L3

SEC09- J

medium

likely

high

P6

L2

SEC10- J

high

probable

low

Low

P18

L1

SEC11- J

high

likely

high

P9

L2

SEC12- J

medium

probable

low

P12

L1

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30- J

medium

probable

high

P4

L3

SEC31- J

medium

likely

high

P6

L2

SEC32- J

medium

likely

low

P18

L1

SEC33- J

high

probable

medium

P12

L1

SEC34- J

high

likely

low

P27

L1

SEC35- J

high

probable

medium

P12

L1

SEC36- J

high

probable

medium

P12

L1

ENV35-J. Provide a trusted environment and sanitize all inputs      The CERT Sun Microsystems Secure Coding Standard for Java      SEC00-J. Follow the principle of least privilege

 

...

Image Added Image Added Image Added