SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 65

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version 66

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="519c7574d4af6345-bf85abb6-48c047e6-9574843f-a18850d5c99c71312742425e"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Improperly Verified Signature [XZR]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE-300, "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')"

 

CWE-319, "Cleartext Transmission of Sensitive Information"

 

CWE-494, "Download of Code Without Integrity Check"

 

CWE-347, "Improper Verification of Cryptographic Signature"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9d6a2a9203adf36c-a543da4d-41e84bc0-aff29d41-aeeb0433f9a1e69963138297"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e99696b2a4f2a57a-697ba7fc-42ff49e1-954c95b0-5478f7a7c7a64c24feef4ed2"><ac:plain-text-body><![CDATA[

[[Bea 2008

AA. Bibliography#Bea 08]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="791629d757f268d3-fcf9558d-49104d87-96e8a7a8-449b22b21c18264a400fd628"><ac:plain-text-body><![CDATA[

[[Eclipse 2008

AA. Bibliography#Eclipse 08]]

[JAR Signing

http://wiki.eclipse.org/JAR_Signing] and [Signed bundles and protecting against malicious code

http://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="207535362e57393d-d1b16eca-43a34c64-9c6c84b4-0120b79a142707c395443807"><ac:plain-text-body><![CDATA[

[[Fairbanks 2007

AA. Bibliography#Fairbanks 07]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0d9863a6f61ade9a-aa86fc1f-449a4357-88a6841d-d0a372d29554aa59671af90b"><ac:plain-text-body><![CDATA[

[[Flanagan 2005

AA. Bibliography#Flanagan 05]]

Chapter 24. The java.util.jar Package

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4b58491a3a9b4621-a2be60c4-4ae648df-9704b50d-12f33498ab470104d3253d42"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

12.8.3 jarsigner

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b3f9126371088b8a-dcdd8689-41fe414d-a0bc83bd-fa7528994294080065a5a65c"><ac:plain-text-body><![CDATA[

[[Halloway 2001

AA. Bibliography#Halloway 01]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b7086ee8dc93280f-f5f14acc-41364626-95b2a2f6-12a6c4519d4b44a6be209913"><ac:plain-text-body><![CDATA[

[[JarSpec 2008

AA. Bibliography#JarSpec 08]]

Signature Validation

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7278e435cac8d9dc-76f38bac-48834640-89e3bae1-15b432a2466ab1283f87f45f"><ac:plain-text-body><![CDATA[

[[Oaks 2001

AA. Bibliography#Oaks 01]]

Chapter 12: Digital Signatures, Signed Classes

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e77fe870849d5881-2d012516-4b084ce3-922c8a8b-7447e7c9c2b55ac3867a691c"><ac:plain-text-body><![CDATA[

[[Muchow 2001

AA. Bibliography#Muchow 01]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a25c05e317ef9bb5-e4610ee3-48844a52-887dadc3-24a8166fae7b602ff7fcfa2b"><ac:plain-text-body><![CDATA[

[[Tutorials 2008

AA. Bibliography#Tutorials 08]]

[The JarRunner Class

http://java.sun.com/docs/books/tutorial/deployment/jar/jarrunner.html], [Lesson: API and Tools Use for Secure Code and File Exchanges

http://java.sun.com/docs/books/tutorial/security/sigcert/index.html] and [Verifying Signed JAR Files

http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html]

]]></ac:plain-text-body></ac:structured-macro>

...

      14. Platform Security (SEC)      SEC07-J. Call the superclass's getPermissions method when writing a custom class loaderImage Added