...
This noncompliant code example simply serializes the map and then deserializes it. ThusConsequently, the map is capable of being serialized and transferred across different business tiers. Unfortunately, there are no safeguards against byte stream manipulation attacks while the binary data is in transit. Likewise, anyone can reverse engineer the serialized stream data from its hexadecimal notation to reveal the data in the HashMap.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="52ab6b27482699bc-730343b3-450d4fa8-ae85b079-a50a9d7b30b7f69cd9f59d59"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 319 | http://cwe.mitre.org/data/definitions/319.html] "Cleartext Transmission of Sensitive Information" | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="47f0d359bec7b02a-5233bc39-4aa941b7-94798c67-37b88a0895ceb396cd28aa37"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2aad11d4340e381c-841d4dde-47a04ad6-8ac7a297-24f28dbc2616769b9b29f593"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | 9.10 Sealing Objects | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3eb92b38c8cee226-df187b51-4e344610-8b5f8aae-34e2cb0e221dd4a106ea362e"><ac:plain-text-body><![CDATA[ | [[Harold 1999 | AA. Bibliography#Harold 99]] | Chapter 11: Object Serialization, Sealed Objects | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00d52d288b329355-6faff759-401c4a62-95429cae-21764c0a73148f95300904da"><ac:plain-text-body><![CDATA[ | [[Neward 2004 | AA. Bibliography#Neward 04]] | Item 64: Use SignedObject to provide integrity of Serialized objects | ]]></ac:plain-text-body></ac:structured-macro> |
| Item 65: Use SealedObject to provide confidentiality of Serializable objects | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="aff424c4e5958c00-e55ce73c-48f845ad-af188f69-3dc467b45cacbdf747135e7e"><ac:plain-text-body><![CDATA[ | [[Steel 2005 | AA. Bibliography#Steel 05]] | Chapter 10: Securing the Business Tier, Obfuscated Transfer Object | ]]></ac:plain-text-body></ac:structured-macro> |
...