...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
DRD??DRD00-J | medium | likely | high | P6 | L2
DRD??-J | low | unlikely | probable | medium | P2P12 | L3L1
DRD??DRD01-J | high | probable | mediumlow | P12P18 | L1

Rule | Rule Text | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---|---
DRD??DRD03-J | Do not log sensitive information to on-device logs | | | | |
DRD??-J | Do not store sensitive information in an unprotected location | | | | |
DRD??-J | When storing sensitive data, encrypt it and give it proper file permissions | | | | |
DRD??-J | Ensure there are strong server-side controls, or do not count on confidentiality or integrity of data sent to server | | | | |
DRD??-J | Ensure sufficient transport layer protection | | | | |
DRD??-J | Do not store some types of very sensitive data | | | | |
DRD??-J | Do not ignore certificate validation errors and then fall back to clear text communications | | | | |
DRD??-J | Validate all data sent to and received from untrusted third-party applications before processing | | | | |
high | probable | high | P6 | L2
DRD03-J | High | Probable | Medium | P12 | L1
DRD??-J | No writing to SD card unless data identified as no privileges needed
...