Rules
Risk Assessment Summary
Recommendations
SEC00-A. Do not allow exceptions to transmit sensitive information
SEC01-A. Be careful using doPrivileged
SEC02-A. Beware of standard APIs that may bypass Security Manager checks
SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance
SEC04-A. Beware of standard APIs that perform access checks against the immediate caller
Rules
SEC30-C. Always use a Security Manager
SEC31-C. Never grant AllPermission
SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks
SEC33-C. Define wrappers around native methods
SEC34-C. Do not allow the unauthorized construction of sensitive classes
SEC35-C. Provide mutable classes with a clone method
SEC36-C. Ensure that the bytecode verifier is applied to all involved code upon any modification
Risk Assessment Summary
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC30-C | 3 (high) | 3 (likely) | 3 (low) | P27 | L1 |
SEC31-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
SEC32-C | 1 (low) | 1 (unlikely) | 1 (high) | P1 | L3 |
SEC00-J | Medium | Likely | High | P6 | L2 |
SEC01-J | High | Likely | Low | P27 | L1 |
SEC02-J | High | Probable | Medium | P12 | L1 |
SEC03-J | High | Probable | Medium | P12 | L1 |
SEC04-J | High | Probable | Medium | P12 | L1 |
SEC05-J | High | Probable | Medium | P12 | L1 |
SEC06-J | High | Probable | Medium | P12 | L1 |
SEC07-J | High | Probable | Low | P18 | L1 |
...