Rule      Severity   Likelihood   Remediation Cost   Priority   Level
SER03-J   medium     likely       high               P6         L2

Automated Detection

Tool       Version   Checker                  Description
Coverity   7.5       UNSAFE_DESERIALIZATION   Implemented

Related Guidelines

MITRE CWE                                                                 CWE-499. Serializable class containing sensitive data
                                                                          CWE-502. Deserialization of untrusted data
Secure Coding Guidelines for the Java Programming Language, Version 3.0   Guideline 5-2. Guard sensitive data during serialization
