...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2c22f02b-f098-4517-bc36-94e6d794b55d"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 502 | http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 499 "Serializable Class Containing Sensitive Data" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup |
...
" ac:schema-version="1" ac:macro-id="0a305e23-a962-4f3d-adfc-4a342e3eac89"><ac:plain-text-body><![CDATA[ | [[Bloch |
...
2005 |
...
AA. |
...
Bibliography#Bloch |
...
05] |
...
] |
...
Puzzle |
...
83: |
...
Dyslexic |
...
Monotheism | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="21a67b11-1124-4b70-aba4-ca02128886c3"><ac:plain-text-body><![CDATA[ | [[Bloch 2001 | AA. Bibliography#Bloch 01]] | Item 1: Enforce the singleton property with a private constructor | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="de78ba7e-000c-48ab-8e15-e0ba25613cfc"><ac:plain-text-body><![CDATA[ | [[Greanier 2000 | AA. Bibliography#Greanier 00]] | [Discover the secrets of the Java Serialization API | http://java.sun.com/developer/technicalArticles/Programming/serialization/ |
...
] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cada3a48-1448-4a16-85ed-18150d27894b"><ac:plain-text-body><![CDATA[ | [[Harold |
...
1999 |
...
AA. |
...
Bibliography#Harold |
...
99]] |
...
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a37afe40-12eb-46c6-856d-5b7f8620ad4a"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [Transient modifier | http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020 |
...
] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="82cce026-01fd-40b5-a065-dedca63d35cd"><ac:plain-text-body><![CDATA[ | [[Long |
...
2005 |
...
AA. |
...
Bibliography#Long |
...
05] |
...
] |
...
Section |
...
2.4, |
...
Serialization | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4be7a80a-b420-49df-9107-9c8466e466d4"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 5-1 Guard sensitive data during serialization | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="147b5bbe-68d0-49e5-9109-ce90ab19290d"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification: A.4 Preventing Serialization of Sensitive Data" | ]]></ac:plain-text-body></ac:structured-macro> |
...
SER02-J. Sign and seal sensitive objects before sending them outside a trust boundary 16. Serialization (SER) SER05-J. Do not allow serialization and deserialization to bypass the Security Manager