Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 102 Next »

Recommendations

SEC00-J. Follow the principle of least privilege

SEC01-J. Provide sensitive mutable classes with unmodifiable wrappers

SEC02-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code

SEC03-J. Do not use APIs that perform access checks against the immediate caller

SEC04-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

SEC05-J. Minimize accessibility of classes and their members

SEC06-J. Sign and seal sensitive objects before transit

SEC07-J. Do not grant access to existing classes in forbidden packages

SEC08-J. Define custom security permissions for fine grained security

SEC09-J. Prefer using SSLSockets over Sockets for secure data exchange

SEC10-J. Call the superclass's getPermissions method when writing a custom class loader

SEC11-J. Do not allow unauthorized construction of classes in forbidden packages

Rules

SEC30-J. Define wrappers around native methods

SEC31-J. Guard doPrivileged blocks against untrusted invocations

SEC32-J. Create and sign a SignedObject before creating a SealedObject

SEC33-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code

SEC34-J. Do not allow tainted variables in doPrivileged blocks

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SEC00- J

high

probable

high

P6

L2

SEC01- J

medium

probable

high

P4

L3

SEC02- J

high

probable

medium

P12

L1

SEC03- J

high

probable

medium

P12

L1

SEC04- J

high

probable

medium

P12

L1

SEC05- J

medium

likely

medium

P12

L1

SEC06- J

medium

likely

medium

P12

L1

SEC06- J

medium

probable

high

P4

L3

SEC07- J

high

likely

high

P9

L2

SEC08- J

medium

probable

high

P4

L3

SEC09- J

medium

likely

high

P6

L2

SEC10- J

high

probable

low

P18

L1

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30- J

medium

probable

high

P4

L3

SEC31- J

medium

likely

high

P6

L2

SEC32- J

medium

likely

low

P18

L1

SEC33- J

high

probable

medium

P12

L1

SEC34- J

high

likely

low

P27

L1


ENV35-J. Provide a trusted environment and sanitize all inputs      The CERT Sun Microsystems Secure Coding Standard for Java      SEC00-J. Follow the principle of least privilege

  • No labels