Recommendations

SEC01-J. Follow the principles of least privilege

SEC01-J. Provide sensitive mutable classes with unmodifiable wrappers

SEC02-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code

SEC03-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code

SEC04-J. Do not allow tainted parameters while using APIs that perform access checks against the immediate caller

SEC05-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified

SEC07-J. Minimize accessibility of classes and their members

SEC08-J. Sign and seal sensitive objects before transit

SEC09-J. Create and sign a SignedObject before creating a SealedObject

SEC10-J. Do not allow the unauthorized construction of sensitive classes

SEC11-J. Define custom security permissions for fine grained security

SEC12-J. Prefer using SSLSockets over Sockets for secure data exchange

Rules

SEC30-J. Always use a Security Manager

SEC31-J. Never grant AllPermission to untrusted code

SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks

SEC33-J. Define wrappers around native methods

SEC34-J. Do not sign code that performs only unprivileged operations

SEC35-J. Do not disable bytecode verification

SEC36-J. Guard doPrivileged blocks against untrusted invocations

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SEC01-J

medium

probable

high

P4

L3

SEC02-J

medium

probable

medium

P8

L2

SEC03-J

medium

probable

medium

P8

L2

SEC04-J

medium

probable

medium

P8

L2

SEC05-J

TODO

TODO

TODO

TODO

TODO

SEC06-J

medium

likely

medium

P12

L1

SEC07-J

medium

likely

medium

P12

L1

SEC08-J

TODO

TODO

TODO

TODO

TODO

SEC09-J

medium

unlikely

low

P6

L2

SEC10-J

high

probable

high

P6

L2

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30-J

high

probable

low

P18

L1

SEC31-J

high

probable

low

P18

L1

SEC32-J

high

probable

low

P18

L1

SEC33-J

medium

probable

high

P4

L3

SEC35-J

medium

probable

low

P12

L1


The CERT Sun Microsystems Secure Coding Standard for Java      The CERT Sun Microsystems Secure Coding Standard for Java      SEC36-J. Guard doPrivileged blocks against untrusted invocations