Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Recommendations

SEC01-J. Be careful using doPrivileged

SEC02-J. Beware of standard APIs that may bypass Security Manager checks

SEC03-J. Beware of standard APIs that may use the immediate caller's class loader instance

SEC04-J. Beware of standard APIs that perform access checks against the immediate caller

SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified

SEC07-J. Minimize accessibility

Rules

SEC30-J. Always use a Security Manager

SEC31-J. Never grant AllPermission to untrusted code

SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks

SEC33-J. Define wrappers around native methods

SEC34-J. Do not allow the unauthorized construction of sensitive classes

SEC35-J. Provide mutable classes with a clone method

SEC36-J. Ensure that the bytecode verifier is applied to all involved code upon any modification

Risk Assessment Summary

Recommendations

...

Recommendation

Rules

Content by Label
showLabelsfalse
max99
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
sorttitle
showSpacefalse
labels+sec, +rule, -void
cqllabel = "sec" and label = "rule" and label != "void" and space = currentSpace()

Risk Assessment Summary

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC01SEC00-J medium Medium probable Likely high High

P4 P6

L3 L2 SEC02

SEC01-J medium High probable Likely high Low

P4 P27

L3 L1 SEC03

SEC02-J medium High probable Probable high Medium

P4 P12

L3 L1 SEC04

SEC03-J medium High probable Probable high Medium

P4 P12

L3 L1 SEC06

SEC04-J medium High probable Probable high Medium

P4 P12

L3 L1 SEC07

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30-J

high

probable

low

P18

L1

SEC05-J medium High probable Probable high Medium

P4

L3

Rules

SEC31P12

L1

SEC06-J high High probable Probable low Medium

P18 P12

L1 SEC32

SEC07-J high High probable Probable low Low

P18

L1

SEC33-J

medium

probable

high

P4

L3

SEC34-J

high

probable

high

P6

L2

SEC35-J

low

unlikely

medium

P2

L3

SEC36-J

medium

probable

high

P4

L3

CERT Java Secure Coding Standard      CERT Java Secure Coding Standard      SEC01-J. Be careful using doPrivileged

 

...

Image Added Image Added Image Added