SEI CERT Oracle Coding Standard for Java
1. Security
Created by Carol J. Lallier, last modified by David Svoboda on Oct 20, 2014
Security: Introduction
FIO52-J. Do not store unencrypted sensitive information on the client side
IDS51-J. Properly encode or escape output
IDS52-J. Prevent code injection
IDS53-J. Prevent XPath Injection
IDS54-J. Prevent LDAP injection
IDS56-J. Prevent arbitrary file upload
MET52-J. Do not use the clone() method to copy untrusted method parameters
MET56-J. Do not use Object.equals() to compare cryptographic keys
MSC59-J. Limit the lifetime of sensitive data
MSC61-J. Do not use insecure or weak cryptographic algorithms
MSC62-J. Store passwords using a hash function
MSC63-J. Ensure that SecureRandom is properly seeded
OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers
OBJ57-J. Do not rely on methods that can be overridden by untrusted code
SEC50-J. Avoid granting excess privileges
SEC51-J. Minimize privileged code
SEC52-J. Do not expose methods that use reduced-security checks to untrusted code
SEC53-J. Define custom security permissions for fine-grained security
SEC54-J. Create a secure sandbox using a security manager
SEC55-J. Ensure that security-sensitive methods are called with validated arguments
SEC57-J. Do not let untrusted code misuse privileges of callback methods