Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

00. Runtime Environment (ENV)

Created by Fred Long, last modified by Ankur Goyal on Aug 19, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Be aware of the JVM Tool Interface

ENV02-J. Be aware of the Java Platform Debugger Architecture

ENV03-J. Limit remote uses of JVM Monitoring and Managing

Rules

ENV30-J. Create a secure sandbox using a Security Manager

ENV31-J. Never grant AllPermission to untrusted code

ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV33-J. Do not grant RuntimePermission with target createClassLoader

ENV34-J. Do not disable bytecode verification

ENV35-J. Provide a trusted environment and sanitize all inputs

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level

The CERT Sun Microsystems Secure Coding Standard for Java The CERT Sun Microsystems Secure Coding Standard for Java The CERT Sun Microsystems Secure Coding Standard for Java

No labels