|
Page: SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
|
Carol J. Lallier |
Jul 01, 2015
|
|
Page: SEC01-J. Do not allow tainted variables in privileged blocks
|
Jon O'Donnell |
Aug 06, 2021
|
|
Page: SEC02-J. Do not base security checks on untrusted sources
|
Michal Rozenau |
May 18, 2021
|
|
Page: SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
|
Michal Rozenau |
May 18, 2021
|
|
Page: SEC04-J. Protect sensitive operations with security manager checks
|
Michal Rozenau |
May 18, 2021
|
|
Page: SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
|
Winfried Gerlach |
Jan 25, 2022
|
|
Page: SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar
|
Jon O'Donnell |
Aug 06, 2021
|
|
Page: SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC08-J Trusted code must discard or clean any arguments provided by untrusted code
|
Barbara White |
Mar 05, 2015
|
|
Page: SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code
|
Barbara White |
Mar 05, 2015
|
|
Page: SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs
|
Barbara White |
Mar 05, 2015
|
|
Page: SEC50-J. Avoid granting excess privileges
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC51-J. Minimize privileged code
|
Michal Rozenau |
Jan 10, 2023
|
|
Page: SEC52-J. Do not expose methods that use reduced-security checks to untrusted code
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC53-J. Define custom security permissions for fine-grained security
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC54-J. Create a secure sandbox using a security manager
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC55-J. Ensure that security-sensitive methods are called with validated arguments
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC56-J. Do not serialize direct handles to system resources
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC57-J. Do not let untrusted code misuse privileges of callback methods
|
Will Snavely |
Nov 16, 2017
|
|
Page: SEC58-J. Deserialization methods should not perform potentially dangerous operations
|
Will Snavely |
Nov 16, 2017
|
|
Page: SECURE CODING GUIDELINES FOR JAVA SE, VERSION 5.0
|
Derek Leung |
Dec 03, 2018
|
|
Page: Security: Introduction
|
Carol J. Lallier |
Oct 26, 2014
|
|
Home page: SEI CERT Oracle Coding Standard for Java
|
Robert Schiela |
Jun 11, 2018
|
|
Page: SER00-J. Enable serialization compatibility during class evolution
|
Jon O'Donnell |
Aug 06, 2021
|
|
Page: SER01-J. Do not deviate from the proper signatures of serialization methods
|
Jon O'Donnell |
Aug 06, 2021
|
|
Page: SER02-J. Sign then seal objects before sending them outside a trust boundary
|
Jon O'Donnell |
Aug 06, 2021
|
|
Page: SER03-J. Do not serialize unencrypted sensitive data
|
Jon O'Donnell |
Aug 06, 2021
|
|
Page: SER04-J. Do not allow serialization and deserialization to bypass the security manager
|
Michal Rozenau |
May 18, 2021
|
|
Page: SER05-J. Do not serialize instances of inner classes
|
Alexandre GIGLEUX |
Dec 20, 2018
|
|
Page: SER06-J. Make defensive copies of private mutable components during deserialization
|
Jon O'Donnell |
Aug 06, 2021
|
