Rules
Risk Assessment Summary
Recommendations
SEC01-J. Be careful using doPrivileged
SEC02-J. Beware of standard APIs that may bypass Security Manager checks
SEC03-J. Beware of standard APIs that may use the immediate caller's class loader instance
SEC04-J. Beware of standard APIs that perform access checks against the immediate caller
SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified
SEC07-J. Minimize accessibility
Rules
SEC30-J. Always use a Security Manager
SEC31-J. Never grant AllPermission to untrusted code
SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks
SEC33-J. Define wrappers around native methods
SEC34-J. Do not allow the unauthorized construction of sensitive classes
SEC35-J. Provide mutable classes with a clone method
SEC36-J. Ensure that the bytecode verifier is applied to all involved code upon any modification
Risk Assessment Summary
Recommendations
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC01-J | medium | probable | high | P4 | L3 |
SEC02-J | medium | probable | high | P4 | L3 |
SEC03-J | medium | probable | high | P4 | L3 |
SEC04-J | medium | probable | high | P4 | L3 |
SEC06-J | medium | probable | high | P4 | L3 |
SEC07-J | medium | probable | high | P4 | L3 |
Rules
Values as originally published (rules SEC30-J to SEC37-J):

Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC30-J | high | probable | low | P18 | L1 |
SEC31-J | high | probable | low | P18 | L1 |
SEC32-J | high | probable | low | P18 | L1 |
SEC33-J | medium | probable | high | P4 | L3 |
SEC34-J | high | probable | high | P6 | L2 |
SEC35-J | low | unlikely | medium | P2 | L3 |
SEC36-J | medium | probable | high | P4 | L3 |
SEC37-J | medium | likely | low | P18 | L1 |

Revised values shown in the page's change view (rules renumbered SEC00-J to SEC07-J):

Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC00-J | medium | likely | high | P6 | L2 |
SEC01-J | high | likely | low | P27 | L1 |
SEC02-J | high | probable | medium | P12 | L1 |
SEC03-J | high | probable | medium | P12 | L1 |
SEC04-J | high | probable | medium | P12 | L1 |
SEC05-J | high | probable | medium | P12 | L1 |
SEC06-J | high | probable | medium | P12 | L1 |
SEC07-J | high | probable | low | P18 | L1 |
...
The CERT Sun Microsystems Secure Coding Standard for Java