Rules
Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC00-J | Medium | Likely | High | P6 | L2 |
SEC01-J | High | Likely | Low | P27 | L1 |
SEC02-J | High | Probable | Medium | P12 | L1 |
SEC03-J | High | Probable | Medium | P12 | L1 |
SEC04-J | High | Probable | Medium | P12 | L1 |
SEC05-J | High | Probable | Medium | P12 | L1 |
SEC06-J | High | Probable | Medium | P12 | L1 |
SEC07-J | High | Probable | Low | P18 | L1 |
...
Recommendations
SEC00-J. Do not allow exceptions to transmit sensitive information
SEC01-J. Be careful using doPrivileged
SEC02-J. Beware of standard APIs that may bypass Security Manager checks
SEC03-J. Beware of standard APIs that may use the immediate caller's class loader instance
SEC04-J. Beware of standard APIs that perform access checks against the immediate caller
SEC05-J. Handle exceptions appropriately
SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified
Rules
SEC30-J. Always use a Security Manager
SEC31-J. Never grant AllPermission
SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks
SEC33-J. Define wrappers around native methods
SEC34-J. Do not allow the unauthorized construction of sensitive classes
SEC35-J. Provide mutable classes with a clone method
SEC36-J. Ensure that the bytecode verifier is applied to all involved code upon any modification
Risk Assessment Summary
Rules
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC30-C | High | Likely | Low | P27 | L1 |
SEC31-C | Medium | Probable | Medium | P8 | L2 |
SEC32-C | Low | Unlikely | High | P1 | |
...