Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
About Confluence
Log in
Android
Edit space details
Pages
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
A
t
tachments (0)
Page History
Page Information
Resolved comments
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
Android Secure Coding Standard
4 By Language
Java Coding Language
Jira links
Not Applicable to Android (Java Rules/Recomendations)
Created by
Barbara White
, last updated by
Sandy Shrum
on
May 07, 2015
1 minute read
Rules
Page:
ENV00-J. Do not sign code that performs only unprivileged operations
Page:
ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it
Page:
ENV03-J. Do not grant dangerous combinations of permissions
Page:
ENV05-J. Do not deploy an application that can be remotely monitored
Page:
SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
Page:
SEC04-J. Protect sensitive operations with security manager checks
Page:
SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader
Page:
SER04-J. Do not allow serialization and deserialization to bypass the security manager
Recommendations
Page:
ERR54-J. Use a try-with-resources statement to safely handle closeable resources
Page:
SEC52-J. Do not expose methods that use reduced-security checks to untrusted code
Page:
SEC54-J. Create a secure sandbox using a security manager
applicability-list
java
Overview
Content Tools
{"serverDuration": 74, "requestCorrelationId": "616e1d1a2f08c1d5"}