MSC00-J. Eliminate class initialization cycles
MSC02-J. Avoid cyclic dependencies between packages
MSC03-J. Prefer using URIs to URLs
MSC04-J. Prefer using Iterators over Enumerations
MSC05-J. Carefully design interfaces before releasing them
MSC06-J. Do not mix generic with non-generic raw types in new code
MSC07-J. Library methods should validate their parameters
MSC08-J. Finish every set of statements associated with a case label with a break statement
MSC09-J. Do not assume infinite heap space
MSC10-J. Perform lossless conversion of String to given encoding and back
MSC11-J. Limit the lifetime of sensitive data
MSC12-J. Do not use insecure or weak cryptographic algorithms
MSC30-J. Generate truly random numbers
MSC31-J. Never hardcode sensitive information
MSC32-J. Prevent OS Command Injection
MSC33-J. Prevent against SQL Injection
MSC34-J. Prevent XML Injection
MSC35-J. Prevent XPath Injection
MSC36-J. Understand how escape characters are interpreted when String literals are compiled
MSC37-J. Make sensitive classes noncloneable
MSC38-J. Do not modify the underlying collection when an iteration is in progress
MSC39-J. Sanitize before processing or storing user input
MSC40-J. Account for supplementary and combining characters in globalized code
MSC41-J. Validate strings after performing normalization
MSC42-J. Do not delete non-character code points
MSC43-J. Prevent XML external entity attacks
MSC44-J. Properly encode or escape output
MSC45-J. Do not base security decisions on DNS resolution

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC00-J | low | unlikely | medium | P2 | L3 |
| MSC01-J | low | unlikely | high | P1 | L3 |
| MSC02-J | low | probable | medium | P4 | L3 |
| MSC03-J | low | probable | medium | P4 | L3 |
| MSC04-J | low | unlikely | medium | P2 | L3 |
| MSC05-J | low | probable | high | P2 | L3 |
| MSC06-J | low | probable | medium | P4 | L3 |
| MSC07-J | medium | probable | high | P4 | L3 |
| MSC08-J | medium | unlikely | low | P6 | L2 |
| MSC09-J | low | probable | medium | P4 | L3 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC30-J | high | probable | medium | P12 | L1 |
| MSC31-J | high | probable | medium | P12 | L1 |
| MSC32-J | high | probable | medium | P12 | L1 |
| MSC33-J | medium | probable | high | P4 | L3 |
| MSC34-J | medium | probable | medium | P8 | L2 |
| MSC35-J | medium | probable | medium | P8 | L2 |
| MSC36-J | low | unlikely | high | P1 | L3 |
| MSC37-J | medium | probable | medium | P8 | L2 |
| MSC38-J | low | probable | medium | P4 | L3 |