SEC00-J. Follow the principle of least privilege
SEC14-J. Provide sensitive mutable classes with unmodifiable wrappers
SEC05-J. Do not expose standard APIs that may bypass Security Manager checks to untrusted code
SEC06-J. Do not use APIs that perform access checks against the immediate caller
SEC01-J. Minimize accessibility of classes and their members
SEC16-J. Sign and seal sensitive objects before transit
SEC12-J. Do not grant untrusted code access to classes existing in forbidden packages
SEC10-J. Define custom security permissions for fine grained security
SEC15-J. Prefer using SSLSockets over Sockets for secure data exchange
SEC11-J. Call the superclass's getPermissions method when writing a custom class loader
SEC13-J. Do not allow unauthorized construction of classes in forbidden packages
SEC07-J. Declare classes that derive from a sensitive class or implement a sensitive interface final
SEC18-J. Define wrappers around native methods
SEC02-J. Guard doPrivileged blocks against untrusted invocations
SEC17-J. Create and sign a SignedObject before creating a SealedObject
SEC03-J. Do not allow tainted variables in doPrivileged blocks
SEC09-J. Do not base security checks on untrusted sources
SEC08-J. Enforce security checks in code that performs sensitive operations
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
SEC00- J |
high |
probable |
high |
P6 |
L2 |
SEC01- J |
medium |
probable |
high |
P4 |
L3 |
SEC02- J |
high |
probable |
medium |
P12 |
L1 |
SEC03- J |
high |
probable |
medium |
P12 |
L1 |
SEC04- J |
high |
probable |
medium |
P12 |
L1 |
SEC05- J |
medium |
likely |
medium |
P12 |
L1 |
SEC06- J |
medium |
likely |
medium |
P12 |
L1 |
SEC06- J |
medium |
probable |
high |
P4 |
L3 |
SEC07- J |
high |
likely |
high |
P9 |
L2 |
SEC08- J |
medium |
probable |
high |
P4 |
L3 |
SEC09- J |
medium |
likely |
high |
P6 |
L2 |
SEC10- J |
high |
probable |
low |
P18 |
L1 |
SEC11- J |
high |
likely |
high |
P9 |
L2 |
SEC12- J |
medium |
probable |
low |
P12 |
L1 |
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
SEC30- J |
medium |
probable |
high |
P4 |
L3 |
SEC31- J |
medium |
likely |
high |
P6 |
L2 |
SEC32- J |
medium |
likely |
low |
P18 |
L1 |
SEC33- J |
high |
probable |
medium |
P12 |
L1 |
SEC34- J |
high |
likely |
low |
P27 |
L1 |
SEC35- J |
high |
probable |
medium |
P12 |
L1 |
SEC36- J |
high |
probable |
medium |
P12 |
L1 |
ENV35-J. Provide a trusted environment and sanitize all inputs The CERT Sun Microsystems Secure Coding Standard for Java SEC00-J. Follow the principle of least privilege