Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Rules

Content by Label

showLabels	false
max	99
spaces	com.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
sort	title
showSpace	false
labels	+sec, +rule, -void
cql	label = "sec" and label = "rule" and label != "void" and space = currentSpace()

Risk Assessment Summary

Rule

Recommendations

SEC00-J. Follow the principle of least privilege

SEC01-J. Provide sensitive mutable classes with unmodifiable wrappers

SEC02-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code

SEC03-J. Do not use APIs that perform access checks against the immediate caller

SEC04-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

SEC05-J. Minimize accessibility of classes and their members

SEC06-J. Sign and seal sensitive objects before transit

SEC07-J. Do not allow the unauthorized construction of classes existing in forbidden packages

SEC08-J. Define custom security permissions for fine grained security

SEC09-J. Prefer using SSLSockets over Sockets for secure data exchange

SEC10-J. Call the superclass's getPermissions method when writing a custom class loader

Rules

SEC30-J. Define wrappers around native methods

SEC31-J. Guard doPrivileged blocks against untrusted invocations

SEC32-J. Create and sign a SignedObject before creating a SealedObject

SEC33-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code

SEC34-J. Do not allow tainted variables in doPrivileged blocks

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
SEC01SEC00-J	medium Medium	probable Likely	high High	P4	L3	SEC02-J	medium	probable	medium	P8	P6	L2 SEC03
SEC01-J	medium High	probable Likely	medium Low	P8 P27	L2 L1 SEC04
SEC02-J	medium High	probable Probable	medium Medium	P8 P12	L2 L1 SEC05
SEC03-J	TODO High	TODO	TODO	P???	L???	Probable	Medium	SEC06-J	medium	likely	medium	P12	L1 SEC07
SEC04-J	medium High	likely Probable	medium Medium	P12	L1 SEC08
SEC05-J	TODO High TODO	Probable	TODO	P???	L???
SEC09-J	medium	unlikely	low	P6	L2
SEC10-J	high	probable	high	P6	L2

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
Medium	P12	L1
SEC06-J	High	Probable	Medium	P12	L1
SEC07-J	High	Probable	Low
SEC30-J	high	probable	low	P18	L1
SEC31-J	high	probable	low	P18	L1
SEC32-J	high	probable	low	P18	L1
SEC33-J	medium	probable	high	P4	L3
SEC35-J	medium	probable	low	P12	L1

...

Image Added Image Added Image Added ENV35-J. Provide a trusted environment and sanitize all inputs The CERT Sun Microsystems Secure Coding Standard for Java SEC00-J. Follow the principle of least privilege