Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Recommendations

SEC00-J. Follow the principle of least privilege

SEC01-J. Provide sensitive mutable classes with unmodifiable wrappers

SEC02-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code

SEC03-J. Do not allow tainted parameters while using APIs that perform access checks against the immediate caller

SEC04-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

SEC05-J. Minimize accessibility of classes and their members

SEC06-J. Sign and seal sensitive objects before transit

SEC07-J. Do not allow the unauthorized construction of classes existing in untrusted packages

SEC08-J. Define custom security permissions for fine grained security

SEC09-J. Prefer using SSLSockets over Sockets for secure data exchange

SEC10-J. Call the superclass's getPermissions method when writing a custom class loader

Rules

SEC30-J. Define wrappers around native methods

SEC31-J. Guard doPrivileged blocks against untrusted invocations

SEC32-J. Create and sign a SignedObject before creating a SealedObject

SEC33-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code

SEC34-J. Do not allow tainted variables in doPrivileged blocks

Risk Assessment Summary

Recommendations

...

Recommendation

Rules

Content by Label
showLabelsfalse
max99
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
sorttitle
showSpacefalse
labels+sec, +rule, -void
cqllabel = "sec" and label = "rule" and label != "void" and space = currentSpace()

Risk Assessment Summary

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC01SEC00-J medium Medium probable Likely high High

P4

L3

SEC02-J

medium

probable

medium

P8

P6

L2 SEC03

SEC01-J medium High probable Likely medium Low

P8 P27

L2 L1 SEC04

SEC02-J medium High probable Probable medium Medium

P8 P12

L2 L1 SEC05

SEC03-J TODO HighTODOProbable

TODO

TODO

TODO

SEC06-J

medium

likely

medium

Medium

P12

L1 SEC07

SEC04-J medium High likely Probable medium Medium

P12

L1 SEC08

SEC05-J TODO High TODO Probable TODO Medium

TODO

TODO

SEC09-J

medium

unlikely

low

P6

L2

SEC10-J

high

probable

high

P6

L2

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30-J

high

probable

low

P18

L1

SEC31-J

high

probable

low

P18

L1

SEC32-J

high

probable

low P12

L1

SEC06-JHighProbableMedium

P12

L1

SEC07-JHighProbableLow

P18

L1

SEC33-J

medium

probable

high

P4

L3

SEC35-J

medium

probable

low

P12

L1

The CERT Sun Microsystems Secure Coding Standard for Java      The CERT Sun Microsystems Secure Coding Standard for Java      SEC31-J. Guard doPrivileged blocks against untrusted invocations

 

...

Image Added Image Added Image Added