Recommendations
SEC00-A. Do not allow exceptions to transmit sensitive information
SEC01-A. Be careful using doPrivileged
SEC02-A. Beware of standard APIs that may bypass Security Manager checks
SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance
SEC04-A. Beware of standard APIs that perform access checks against the immediate caller
Rules
SEC30-C. Always use a Security Manager_old
SEC31-C. Never grant AllPermission
SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks
SEC33-C. Define wrappers around native methods
SEC34-C. Do not allow the unauthorized construction of sensitive classes
SEC35-C. Provide mutable classes with a clone method
SEC36-C. Ensure that the bytecode verifier is applied to modified code
Risk Assessment Summary
Rules
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
SEC30-C |
3 (high) |
3 (likely) |
3 (low) |
P27 |
L1 |
SEC31-C |
2 (medium) |
2 (probable) |
2 (medium) |
P8 |
L2 |
SEC32-C |
1 (low) |
1 (unlikely) |
1 (high) |
P1 |
L3 |