...
SEC04-J. Beware of standard APIs that perform access checks against the immediate caller
SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
SEC01-J | medium | probable | high | P4 | L3
SEC02-J | medium | probable | high medium | P4 P8 | L3 L2
SEC03-J | medium | probable | high medium | P4 P8 | L3 L2
SEC04-J | medium | probable | high | P4 | medium | P8 | L2
SEC05-J | TODO | TODO | TODO | TODO | TODO L3
SEC06-J | medium | probable likely | high medium | P4 P12 | L3 L1
SEC07-J | medium | likely | medium | P12 | L1
SEC08-J | TODO | TODO | TODO | TODO | TODO
SEC09-J | medium | probable unlikely | high low | P4 P6 | L3 L2
Rules
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
SEC30-J | high | probable | low | P18 | L1
SEC31-J | high | probable | low | P18 | L1
SEC32-J | high | probable | low | P18 | L1
SEC33-J | medium | probable | high | P4 | L3
SEC34-J | high | probable | high | P6 | L2
SEC35-J | low high | unlikely | medium | P2 | L3
SEC36-J | medium | probable | high | P4 | L3
SEC37-J | medium | likely | low | P18 P9 | L1 L2
...
The CERT Sun Microsystems Secure Coding Standard for Java
SEC01-J. Be careful using doPrivileged