Page History

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="76b4738b3763ae88-f6f0b74b-43714800-b9758c55-ebf1496d471bb5edafa8ff16"><ac:plain-text-body><![CDATA[	[[MITRE 2009	AA. Bibliography#MITRE 09]]	[CWE ID 502	http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data"	]]></ac:plain-text-body></ac:structured-macro>
	CWE ID 499 "Serializable Class Containing Sensitive Data"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1b7671bbd428cb2b-4792e732-43b64bc0-9ad89cc6-f48044bf4fca666d6f7e735c"><ac:plain-text-body><![CDATA[	[[Bloch 2005	AA. Bibliography#Bloch 05]]	Puzzle 83: Dyslexic Monotheism	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="822718630b3d2d3f-11a6196d-419c4067-9937b354-e5ddb3d4a19c2250469ad3fe"><ac:plain-text-body><![CDATA[	[[Bloch 2001	AA. Bibliography#Bloch 01]]	Item 1: Enforce the singleton property with a private constructor	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b4c0d12a10071cea-7b33bf2e-496b4123-bc708a5b-ab0211238176813c335a6faa"><ac:plain-text-body><![CDATA[	[[Greanier 2000	AA. Bibliography#Greanier 00]]	[Discover the secrets of the Java Serialization API	http://java.sun.com/developer/technicalArticles/Programming/serialization/]	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b9262d3a63071e5c-0a59d567-4ab64bae-8fc19009-0d0d65ff07960b17d60138f3"><ac:plain-text-body><![CDATA[	[[Harold 1999	AA. Bibliography#Harold 99]]		]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c9086d5aaabedbed-6451bcd8-4851498d-a8f8be69-3460924d1ae10527220d859a"><ac:plain-text-body><![CDATA[	[[JLS 2005	AA. Bibliography#JLS 05]]	[Transient modifier	http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020]	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="28e82ded9ae77abb-2066a667-46f34727-a5d9b577-99466e1e3f7bcd75cf5208c6"><ac:plain-text-body><![CDATA[	[[Long 2005	AA. Bibliography#Long 05]]	Section 2.4, Serialization	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="565dea7e4424f5c2-cf654327-434c4202-92e38d73-48770c0a6abc3ba55f44bdee"><ac:plain-text-body><![CDATA[	[[SCG 2007	AA. Bibliography#SCG 07]]	Guideline 5-1 Guard sensitive data during serialization	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="563212571d98579c-0fd42958-4c7c4635-84968059-5829ac5fc6d0e2c30a1d46c7"><ac:plain-text-body><![CDATA[	[[Sun 2006	AA. Bibliography#Sun 06]]	"Serialization specification: A.4 Preventing Serialization of Sensitive Data"	]]></ac:plain-text-body></ac:structured-macro>

...

SER02-J. Sign and seal sensitive objects before sending them outside a trust boundary 16. Serialization (SER) SER05-J. Do not allow serialization and deserialization to bypass the Security Manager Image Added

Space shortcuts

Page tree

Versions Compared

Old Version 77

New Version 78

Key