SEI CERT Oracle Coding Standard for Java
Page Information
Title: Rule 15. Platform Security (SEC)
Author: Robert Seacord, Jan 19, 2007
Last Changed by: David Svoboda, Mar 15, 2022
Tiny Link (useful for email): https://wiki.sei.cmu.edu/confluence/x/AzdGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (6)
Page: SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
Page: SEC01-J. Do not allow tainted variables in privileged blocks
Page: SEC04-J. Protect sensitive operations with security manager checks
Page: SEC02-J. Do not base security checks on untrusted sources
Page: SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
Page: SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Hierarchy
Parent Page
Page: 2 Rules
Children (11)
Page: SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
Page: SEC01-J. Do not allow tainted variables in privileged blocks
Page: SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
Page: SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Page: SEC08-J Trusted code must discard or clean any arguments provided by untrusted code
Page: SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code
Page: SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs
Page: SEC02-J. Do not base security checks on untrusted sources
Page: SEC04-J. Protect sensitive operations with security manager checks
Page: SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar
Page: SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader
Labels
Global Labels (3)
sec
rule-list
section
Recent Changes
Time | Editor
Mar 15, 2022 09:46 | David Svoboda
Mar 11, 2020 12:56 | David Svoboda
Nov 21, 2018 14:11 | Derek Leung
Nov 20, 2018 14:34 | Derek Leung
Nov 20, 2018 13:50 | Derek Leung
Outgoing Links
External Links (3)
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
SEI CERT Oracle Coding Standard for Java (1)
Home page: SEI CERT Oracle Coding Standard for Java