Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

01. Runtime Environment (ENV)

Created by Fred Long, last modified by Ankur Goyal on Nov 23, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Guidelines

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Place all privileged code in a single package and seal the package

ENV02-J. Create a secure sandbox using a Security Manager

ENV03-J. Never grant AllPermission to untrusted code

ENV04-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV05-J. Do not grant RuntimePermission with target createClassLoader

ENV06-J. Provide a trusted environment and sanitize all inputs

ENV07-J. Do not deploy an application that can be accessed by the JVM Tool Interface

ENV08-J. Do not deploy an application that can be accessed using the Java Platform Debugger Architecture

ENV09-J. Limit remote uses of JVM Monitoring and Managing

ENV10-J. Do not disable bytecode verification

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
ENV00- J	high	probable	medium	P12	L1
ENV01- J	low	unlikely	medium	P2	L3
ENV02- J	high	probable	medium	P12	L1
ENV03- J	high	probable	low	P18	L1
ENV04- J	high	probable	medium	P12	L1

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
ENV30- J	high	probable	low	P18	L1
ENV31- J	high	likely	low	P27	L1
ENV32- J	high	probable	low	P18	L1
ENV33- J	high	probable	low	P18	L1
ENV34- J	high	likely	low	P27	L1
ENV35- J	high	probable	medium	P12	L1

00. Introduction      The CERT Sun Microsystems Secure Coding Standard for Java      

No labels