...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| | CWE ID 499, "Serializable Class Containing Sensitive Data" |
| [MITRE 2009] | [CWE ID 502 | http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data" |
| [SCG 2009] | Guideline 5-2 Guard sensitive data during serialization |
...
| [Bloch 2005] | Puzzle 83: Dyslexic Monotheism |
| [Bloch 2001] | Item 1: Enforce the singleton property with a private constructor |
| [Greanier 2000] | [Discover the secrets of the Java Serialization API | http://java.sun.com/developer/technicalArticles/Programming/serialization/] |
| [Harold 1999] | |
| [JLS 2005] | [Transient modifier | http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020] |
| [Long 2005] | Section 2.4, Serialization |
| [Sun 2006] | "Serialization specification: A.4 Preventing Serialization of Sensitive Data" |
...