Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

49. Miscellaneous (MSC)

Created by Dhruv Mohindra, last modified on Sep 29, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

MSC00-J. Eliminate class initialization cycles

MSC01-J. Avoid memory leaks

MSC02-J. Avoid cyclic dependencies between packages

MSC03-J. Prefer using URIs to URLs

MSC04-J. Prefer using Iterators over Enumerations

MSC05-J. Carefully design interfaces before releasing them

MSC06-J. Do not mix generic with non-generic raw types in new code

MSC07-J. Library methods should validate their parameters

MSC08-J. Finish every set of statements associated with a case label with a break statement

MSC09-J. Do not assume infinite heap space

MSC10-J. Limit the lifetime of sensitive data

Rules

MSC30-J. Generate truly random numbers

MSC31-J. Never hardcode sensitive information

MSC32-J. Prevent OS Command Injection

MSC33-J. Prevent against SQL Injection

MSC34-J. Prevent XML Injection

MSC35-J. Prevent XPath Injection

MSC36-J. Understand how escape characters are interpreted when String literals are compiled

MSC37-J. Make sensitive classes noncloneable

MSC38-J. Do not modify the underlying collection when an iteration is in progress

MSC39-J. Sanitize before processing or storing user input

MSC40-J. Account for supplementary and combining characters in globalized code

MSC41-J. Validate strings after performing normalization

MSC42-J. Do not delete non-character code points

MSC43-J. Prevent XML external entity attacks

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC00- J	low	unlikely	medium	P2	L3
MSC01- J	low	unlikely	high	P1	L3
MSC02- J	low	probable	medium	P4	L3
MSC03- J	low	probable	medium	P4	L3
MSC04- J	low	unlikely	medium	P2	L3
MSC05- J	low	probable	high	P2	L3
MSC06- J	low	probable	medium	P4	L3
MSC07- J	medium	probable	high	P4	L3
MSC08- J	medium	unlikely	low	P6	L2
MSC09- J	low	probable	medium	P4	L3

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC30- J	high	probable	medium	P12	L1
MSC31- J	high	probable	medium	P12	L1
MSC32- J	high	probable	medium	P12	L1
MSC33- J	medium	probable	high	P4	L3
MSC34- J	medium	probable	medium	P8	L2
MSC35- J	medium	probable	medium	P8	L2
MSC36- J	low	unlikely	high	P1	L3
MSC37- J	medium	probable	medium	P8	L2
MSC38- J	low	probable	medium	P4	L3

SER37-J. Do not deserialize from a privileged context The CERT Sun Microsystems Secure Coding Standard for Java MSC00-J. Eliminate class initialization cycles

No labels