...
The general case of automated detection appears to be infeasible because determining which specific data may be passed through the socket is not statically computable. An approach that introduces a custom API for passing sensitive data via secure sockets may be feasible. User tagging of sensitive data is a necessary requirement for such an approach.
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | 9.5 | SECURITY.WSC.USC | Implemented |
Related Guidelines
...