Title: Applicable in Principle to Android (Java Rules/Recommendations)
Author: Unknown User (lflynn) Aug 09, 2013
Last Changed by: Sandy Shrum May 07, 2015
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/jtAxBQ
Incoming Links
Android (1)
    Page: Introduction to Java Recommendations
Hierarchy
Parent Page
    Page: Java Coding Language
Labels
Global Labels (2)
Outgoing Links
External Links (53)
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/E…
    https://www.securecoding.cert.org/confluence/display/java/F…
    https://www.securecoding.cert.org/confluence/display/java/N…
    https://code.google.com/p/mezzofanti/issues/detail?id=1
    https://www.securecoding.cert.org/confluence/display/java/N…
    https://www.securecoding.cert.org/confluence/display/java/I…
    https://www.securecoding.cert.org/confluence/display/java/L…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/F…
    https://www.securecoding.cert.org/confluence/display/java/F…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/F…
    https://www.securecoding.cert.org/confluence/display/java/L…
    https://www.securecoding.cert.org/confluence/display/java/S…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/E…
    https://www.securecoding.cert.org/confluence/display/java/N…
    developer.android.com/training/articles/perf-tips.html#Avoi…
    https://www.securecoding.cert.org/confluence/display/java/M…
    developer.android.com/guide/topics/security/permissions.htm…
    https://www.securecoding.cert.org/confluence/display/java/I…
    https://www.securecoding.cert.org/confluence/display/java/S…
    https://www.securecoding.cert.org/confluence/display/java/M…
    https://www.securecoding.cert.org/confluence/display/java/F…
    user.name
    https://www.securecoding.cert.org/confluence/display/java/S…
    https://www.securecoding.cert.org/confluence/display/java/M…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/T…
    media.blackhat.com/us-13/US-13-Forristal-Android-One-Root-t…
    https://www.securecoding.cert.org/confluence/display/java/M…
    https://www.securecoding.cert.org/confluence/display/java/F…
    https://www.securecoding.cert.org/confluence/display/java/F…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/N…
    https://www.securecoding.cert.org/confluence/display/java/L…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/I…
    developer.android.com/guide/topics/manifest/uses-permission…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/pages/viewpage…
    https://www.securecoding.cert.org/confluence/display/java/T…
    blog.sina.com.cn/s/blog_be6dacae0101bksm.html
    https://www.securecoding.cert.org/confluence/display/java/E…
    https://www.securecoding.cert.org/confluence/display/java/I…
    https://www.securecoding.cert.org/confluence/display/java/E…
    https://www.securecoding.cert.org/confluence/display/java/S…
    https://www.securecoding.cert.org/confluence/display/java/T…
    https://www.securecoding.cert.org/confluence/display/java/E…
    developer.android.com/reference/java/lang/Thread.html#stop%…
    android-developers.blogspot.ro/2009/05/painless-threading.h…
Android (2)
    Page: DRD04-J. Do not log sensitive information
    Page: DRD08-J. Always canonicalize a URL received by a content provider
SEI CERT Oracle Coding Standard for Java (18)
    Page: SEC55-J. Ensure that security-sensitive methods are called with validated arguments
    Page: FIO50-J. Do not make assumptions about file creation
    Page: Rule AA. References
    Page: FIO51-J. Identify files using multiple file attributes
    Page: MSC60-J. Do not use assertions to verify the absence of runtime errors
    Page: MSC59-J. Limit the lifetime of sensitive data
    Page: IDS54-J. Prevent LDAP injection
    Page: SEC53-J. Define custom security permissions for fine-grained security
    Page: IDS01-J. Normalize strings before validating them
    Page: SEC51-J. Minimize privileged code
    Page: IDS51-J. Properly encode or escape output
    Page: IDS52-J. Prevent code injection
    Page: SEC50-J. Avoid granting excess privileges
    Page: ENV05-J. Do not deploy an application that can be remotely monitored
    Page: IDS56-J. Prevent arbitrary file upload
    Home page: SEI CERT Oracle Coding Standard for Java
    Page: JNI03-J. Do not use direct pointers to Java objects in JNI code
    Page: MSC00-J. Use SSLSocket rather than Socket for secure data exchange