Page History

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
SEC00-J	medium	likely	high	P6	L2

Automated Detection

Identifying sensitive information requires assistance from the programmer; fully automated identification of sensitive information is beyond the current state of the art.

...

MITRE CWE	CWE-266. Incorrect privilege assignment
	CWE-272. Least privilege violation
Secure Coding Guidelines for the Java Programming Language, Version 3.0	Guideline 6-2. Safely invoke `java.security.AccessController.doPrivileged()`

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="53f3749d-ed57-4024-a6d5-dfe752fa9a6c"><ac:plain-text-body><![CDATA[	[ [API 2006AA. References#API 06]]	[Method `doPrivileged`()http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged`(`java.security.PrivilegedAction`)`]	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0a765abc-6bfb-4135-a514-25031b15b19b"><ac:plain-text-body><![CDATA[
[ [Gong 2003AA. References#Gong 03]]	Sections 6.4, `AccessController`, and 9.5, Privileged Code ]]></ac:plain-text-body></ac:structured-macro>

...

14. Platform Security (SEC) 14. Platform Security (SEC)

Space shortcuts

Page tree

Versions Compared

Old Version 100

New Version 101

Key

Automated Detection

Bibliography