Rules
Content by Label | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Risk Assessment Summary
Rule |
---|
Guidelines
SEC00-J. Follow the principle of least privilege
SEC01-J. Minimize accessibility of classes and their members
SEC02-J. Guard doPrivileged blocks against untrusted invocations
SEC03-J. Do not allow tainted variables in doPrivileged blocks
SEC04-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code
SEC06-J. Do not use APIs that perform access checks against the immediate caller
SEC07-J. Declare classes that derive from a sensitive class or implement a sensitive interface final
SEC08-J. Enforce security checks in code that performs sensitive operations
SEC09-J. Do not base security checks on untrusted sources
SEC10-J. Define custom security permissions for fine grained security
SEC11-J. Call the superclass's getPermissions method when writing a custom class loader
SEC12-J. Do not grant untrusted code access to classes existing in forbidden packages
SEC13-J. Do not allow unauthorized construction of classes in forbidden packages
SEC14-J. Provide sensitive mutable classes with unmodifiable wrappers
SEC15-J. Prefer using SSLSockets over Sockets for secure data exchange
SEC16-J. Sign and seal sensitive objects before transit
SEC17-J. Create and sign a SignedObject before creating a SealedObject
SEC18-J. Define wrappers around native methods
Risk Assessment Summary
Recommendations
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
SEC00-J | high Medium | probable Likely | high High | P6 | L2 | |||||||
SEC01-J | medium High | likely Likely | medium Low | P12 P27 | L1 | |||||||
SEC02-J | medium High | likely Probable | high Medium | P6 P12 | L2 L1 | |||||||
SEC03-J | high High | likely Probable | low Medium | P27 P12 | L1 | |||||||
SEC04-J | high High | probable Probable | medium Medium | P12 | L1 | |||||||
SEC05-J | high High | probable Probable | medium Medium | P12 | L1 | |||||||
SEC06-J | medium High | likely | medium | P12 | L1 | SEC06- J | high | probable | Probable | Medium medium | P12 | L1 |
SEC07-J | medium High | probable | low | P12 | L1 | |||||||
SEC08- J | high | probable | medium | P12 | L1 | |||||||
SEC09- J | high | probable | medium | P12 | L1 | |||||||
SEC10- J | medium | probable | high | P4 | L3 | |||||||
Probable | Low | SEC11- J | high | probable | low | P18 | L1 | |||||
SEC12- J | high | likely | high | P9 | L2 | |||||||
SEC13- J | high | likely | high | P9 | L2 | |||||||
SEC14- J | medium | probable | high | P4 | L3 | |||||||
SEC15- J | medium | likely | high | P6 | L2 | |||||||
SEC16- J | medium | probable | high | P4 | L3 | |||||||
SEC17- J | medium | likely | low | P18 | L1 | |||||||
SEC18- J | medium | probable | high | P4 | L3 | |||||||
SEC19- J | high | probable | medium | P12 | L1 |
...
ENV06-J. Provide a trusted environment and sanitize all inputs The CERT Sun Microsystems Secure Coding Standard for Java SEC00-J. Follow the principle of least privilege