Rules
Risk Assessment Summary
Recommendations
SEC01-J. Be careful using doPrivileged
SEC02-J. Beware of standard APIs that may bypass Security Manager checks
SEC03-J. Beware of standard APIs that may use the immediate caller's class loader instance
SEC04-J. Beware of standard APIs that perform access checks against the immediate caller
SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified
SEC07-J. Minimize accessibility
Rules
SEC30-J. Always use a Security Manager
SEC31-J. Never grant AllPermission
SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks
SEC33-J. Define wrappers around native methods
SEC34-J. Do not allow the unauthorized construction of sensitive classes
SEC35-J. Provide mutable classes with a clone method
SEC36-J. Ensure that the bytecode verifier is applied to all involved code upon any modification
Risk Assessment Summary
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC01SEC00-J | medium Medium | probable Likely | high High | P4 P6 | L3 L2 SEC02 |
SEC01-J | medium High | probable Likely | high Low | P4 P27 | L3 L1 SEC03 |
SEC02-J | medium High | probable Probable | high Medium | P4 P12 | L3 L1 SEC04 |
SEC03-J | medium High | probable Probable | high Medium | P4 P12 | L3 L1 SEC06 |
SEC04-J | medium High | probable Probable | high Medium | P4 P12 | L3 L1 SEC07 |
SEC05-J | medium High | probable Probable | high | P4 | L3 |
Rules
Medium | P12 | L1 |
SEC06 |
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC30-J | high | probable | low | P18 | L1 |
SEC30-J | high High | likely Probable | high Medium | P9 | L2 | SEC31-J | high | probable | low | P18 | P12 | L1 SEC32 |
SEC07-J | high High | probable Probable | low Low | P18 | L1 |
SEC33-J | medium | probable | high | P4 | L3 |
SEC34-J | high | probable | high | P6 | L2 |
SEC35-J | low | unlikely | medium | P2 | L3 |
...