Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

01. Runtime Environment (ENV)

Created by Fred Long, last modified by Ankur Goyal on Nov 30, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Guidelines

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Place all privileged code in a single package and seal the package

ENV02-J. Create a secure sandbox using a Security Manager

ENV03-J. Never grant AllPermission to untrusted code

ENV04-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV05-J. Do not grant RuntimePermission with target createClassLoader

ENV06-J. Provide a trusted environment and sanitize all inputs

ENV07-J. Do not deploy an application that can be accessed by the JVM Tool Interface

ENV08-J. Do not deploy an application that can be accessed using the Java Platform Debugger Architecture

ENV09-J. Limit remote uses of JVM Monitoring and Managing

ENV10-J. Do not disable bytecode verification

Risk Assessment Summary

Guideline	Severity	Likelihood	Remediation Cost	Priority	Level
ENV00- J	high	probable	medium	P12	L1
ENV01- J	high	probable	medium	P12	L1
ENV02- J	high	probable	low	P18	L1
ENV03- J	high	likely	low	P27	L1
ENV04- J	high	probable	low	P18	L1
ENV05- J	high	probable	low	P18	L1
ENV06- J	high	probable	medium	P12	L1
ENV07- J	low	unlikely	medium	P2	L3
ENV08- J	high	probable	medium	P12	L1
ENV09- J	high	probable	low	P18	L1
ENV10- J	high	likely	low	P27	L1

00. Introduction The CERT Sun Microsystems Secure Coding Standard for Java

No labels