SEI CERT Oracle Coding Standard for Java
Page Information
Title: Rule 15. Platform Security (SEC)
Author: Robert Seacord, Jan 19, 2007
Last Changed by: Derek Leung, Nov 21, 2018
Tiny Link (useful for email): https://wiki.sei.cmu.edu/confluence/x/AzdGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (6)
SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
SEC01-J. Do not allow tainted variables in privileged blocks
SEC04-J. Protect sensitive operations with security manager checks
SEC02-J. Do not base security checks on untrusted sources
SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Hierarchy
Parent Page: 2 Rules
Children (11)
SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
SEC01-J. Do not allow tainted variables in privileged blocks
SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
SEC08-J Trusted code must discard or clean any arguments provided by untrusted code
SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code
SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs
SEC02-J. Do not base security checks on untrusted sources
SEC04-J. Protect sensitive operations with security manager checks
SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar
SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader
Labels
Global Labels (3)
sec
rule-list
section
Hot Referrers
(273) https://www.securecoding.cert.org/
(221) www.securecoding.cert.org/confluence/pages/viewpage.action?…
(122) wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88…
(79) search.daum.net/
(68) www.securecoding.cert.org/confluence/display/java/02.+Platf…
(59) www.securecoding.cert.org/confluence/display/java/SEI+CERT+…
(42) https://wiki.sei.cmu.edu/
(39) cwe.mitre.org/data/definitions/859.html
(37) wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88…
(34) www.securecoding.cert.org/confluence/display/java/00.+Secur…
Recent Changes
Time | Editor
Nov 21, 2018 14:11 | Derek Leung
Nov 20, 2018 14:34 | Derek Leung
Nov 20, 2018 13:50 | Derek Leung
Nov 20, 2018 13:07 | Derek Leung
Nov 19, 2018 12:57 | Derek Leung
Outgoing Links
External Links (3)
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
SEI CERT Oracle Coding Standard for Java (1)
Home page:
SEI CERT Oracle Coding Standard for Java