SEI CERT Oracle Coding Standard for Java
1. Security
Page History: versions compared. Old version 2, saved by Carol J. Lallier on Sep 28, 2014, compared with new version 3, saved by Carol J. Lallier on Sep 29, 2014.
...
Dealing with sensitive data
Avoiding common injection attacks
Language features that can be misused to compromise security
Details of Java’s fine-grained security mechanism
01. Limit the lifetime of sensitive data
02. Do not store unencrypted sensitive information on the client side
03. Provide sensitive mutable classes with unmodifiable wrappers
04. Ensure that security-sensitive methods are called with validated arguments
05. Prevent arbitrary file upload
06. Properly encode or escape output
07. Prevent code injection
08. Prevent XPath injection
09. Prevent LDAP injection
10. Do not use the clone method to copy untrusted method parameters
11. Do not use Object.equals() to compare cryptographic keys
12. Do not use insecure or weak cryptographic algorithms
13. Store passwords using a hash function
14. Ensure that SecureRandom is properly seeded
15. Do not rely on methods that can be overridden by untrusted code
16. Avoid granting excess privileges
17. Minimize privileged code
18. Do not expose methods that use reduced-security checks to untrusted code
19. Define custom security permissions for fine-grained security
20. Create a secure sandbox using a security manager
21. Do not let untrusted code misuse privileges of callback methods
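The following is an added example, not code from the CERT standard or from the page itself, showing guidelines 13 (store passwords as a salted, iterated hash rather than in cleartext), 11 (compare secrets with a timing-independent check instead of Object.equals()) and 01 (limit the lifetime of the cleartext) together in one small class. The class name, the PBKDF2 parameters (iteration count, salt length, key size) and the sample password are assumptions chosen for illustration; the standard does not prescribe them.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Added example (not part of the CERT standard's own code): a password store
 * that keeps only a salted PBKDF2 hash (guideline 13), verifies candidates with
 * a constant-time comparison (guideline 11) and wipes cleartext copies as soon
 * as they are no longer needed (guideline 01).
 */
public final class PasswordStore {
    private static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int SALT_BYTES = 16;          // assumed salt length
    private static final int ITERATIONS = 100_000;     // assumed cost; tune for the deployment hardware
    private static final int KEY_BITS = 256;           // assumed derived-key size
    // Platform-seeded SecureRandom; never reseed it with a fixed value (guideline 14).
    private static final SecureRandom RNG = new SecureRandom();

    /** What gets persisted: salt, iteration count and derived key. None of it is the password. */
    public record StoredPassword(byte[] salt, int iterations, byte[] hash) {}

    /** Hashes a new password under a fresh random salt. */
    public static StoredPassword hashPassword(char[] password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        byte[] hash = derive(password, salt, ITERATIONS);
        return new StoredPassword(salt, ITERATIONS, hash);
    }

    /** Recomputes the hash for a login attempt and compares it to the stored one. */
    public static boolean verifyPassword(char[] password, StoredPassword stored)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] candidate = derive(password, stored.salt(), stored.iterations());
        try {
            // Guideline 11: byte[].equals() is reference identity and Arrays.equals()
            // stops at the first differing byte, leaking where the mismatch is.
            // MessageDigest.isEqual compares every byte regardless of content.
            return MessageDigest.isEqual(candidate, stored.hash());
        } finally {
            Arrays.fill(candidate, (byte) 0);   // guideline 01: do not leave the derived key in memory
        }
    }

    private static byte[] derive(char[] password, byte[] salt, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // PBEKeySpec keeps its own copy of the password; wipe it
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray();   // constructed sample input
        StoredPassword record = hashPassword(pw);
        Arrays.fill(pw, '\0');   // erase the cleartext once it has been hashed

        System.out.println("salt=" + Base64.getEncoder().encodeToString(record.salt()));
        System.out.println("hash=" + Base64.getEncoder().encodeToString(record.hash()));
        System.out.println("correct password verifies: "
                + verifyPassword("correct horse battery staple".toCharArray(), record));
        System.out.println("wrong password verifies:   "
                + verifyPassword("Tr0ub4dor&3".toCharArray(), record));
    }
}
```

Passwords are handled as char[] rather than String because a String cannot be cleared and may stay on the heap until garbage collection; the record type requires Java 16 or later, and on older JDKs a plain final class with the same three fields serves the same purpose.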