You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 55 Next »

Guidelines

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Place all privileged code in a single package and seal the package

ENV02-J. Create a secure sandbox using a Security Manager

ENV03-J. Never grant AllPermission to untrusted code

ENV04-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV05-J. Do not grant RuntimePermission with target createClassLoader

ENV06-J. Provide a trusted environment and sanitize all inputs

ENV07-J. Do not deploy an application that can be accessed by the JVM Tool Interface

ENV08-J. Do not deploy an application that can be accessed using the Java Platform Debugger Architecture

ENV09-J. Limit remote uses of JVM Monitoring and Managing

ENV10-J. Do not disable bytecode verification

Risk Assessment Summary

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

ENV00- J

high

probable

medium

P12

L1

ENV01- J

high

probable

medium

P12

L1

ENV02- J

high

probable

low

P18

L1

ENV03- J

high

likely

low

P27

L1

ENV04- J

high

probable

low

P18

L1

ENV05- J

high

probable

low

P18

L1

ENV06- J

high

probable

medium

P12

L1

ENV07- J

low

unlikely

medium

P2

L3

ENV08- J

high

probable

medium

P12

L1

ENV09- J

high

probable

low

P18

L1

ENV10- J

high

likely

low

P27

L1


00. Introduction      The CERT Sun Microsystems Secure Coding Standard for Java      

  • No labels