Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Recommendations

SEC00-A. Do not allow exceptions to transmit sensitive information

SEC01-A. Be careful using doPrivileged

SEC02-A. Beware of standard APIs that may bypass Security Manager checks

SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance

SEC04-A. Beware of standard APIs that perform access checks against the immediate caller

SEC05-A. Handle all exception generated data appropriately

Rules

SEC30-C. Always use a Security Manager

SEC31-C. Never grant AllPermission

SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks

SEC33-C. Define wrappers around native methods

SEC34-C. Do not allow the unauthorized construction of sensitive classes

SEC35-C. Provide mutable classes with a clone method

SEC36-C. Ensure that the bytecode verifier is applied to all involved code upon any modification

Risk Assessment Summary

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30-C

3 (high)

3 (likely)

3 (low)

P27

L1

SEC31-C

2 (medium)

2 (probable)

2 (medium)

P8

L2

SEC32-C

1 (low)

1 (unlikely)

1 (high)

P1

L3

  • No labels