...
This coding standard does not address concerns specific to only one Java-based platform but applies broadly to all platforms. For example, guidelines that are applicable to Java Micro Edition (ME) or Java Enterprise Edition (EE)) alone and not to Java Standard Edition (SE) are typically not included. Within In Java SE, APIs that deal with the user interface (user interface toolkits) or the web interface for providing features such as sound, graphical rendering, user account access control, session management, authentication, and authorization, are beyond the scope of this standard. However, this does not preclude the standard from discussing networked Java systems in light of the risks associated with improper input validation and injection flaws and suggesting appropriate mitigation strategies. This standard assumes that the functional specification of the product correctly identifies and prevents higher-level design and architectural vulnerabilities.
...