Recommendations

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Be aware of the JVM Tool Interface

ENV02-J. Be aware of the Java Platform Debugger Architecture

ENV03-J. Limit remote uses of JVM Monitoring and Managing

Rules

ENV30-J. Create a secure sandbox using a Security Manager

ENV31-J. Never grant AllPermission to untrusted code

ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV33-J. Do not grant RuntimePermission with target createClassLoader

ENV34-J. Do not disable bytecode verification

ENV35-J. Provide a trusted environment and sanitize all inputs

Risk Assessment Summary

Recommendations

Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level

Rules

Rule | Severity | Likelihood | Remediation Cost | Priority | Level


The CERT Sun Microsystems Secure Coding Standard for Java