...
[API 2006] | |
[Gong 2003] | 9.10, Sealing Objects |
[Harold 1999] | Chapter 11, Object serialization, sealed objects |
[Neward 2004] | Item 64, Use SignedObject to provide integrity of serialized objects |
| Item 65, Use SealedObject to provide confidentiality of serializable objects |
[Steel 2005] | Chapter 10, Securing the Business Tier, Obfuscated Transfer Object |
...
13. Rule 14: Serialization (SER) SER03-J. Do not serialize unencrypted, sensitive data
