Comment: Parasoft Jtest 2021.1

...

Failure to enforce security checks in code that performs sensitive operations can lead to malicious tampering of sensitive data.

Rule     Severity  Likelihood  Remediation Cost  Priority  Level
SEC04-J  High      Probable    Medium            P12       L1

Automated Detection

Identifying sensitive operations requires assistance from the programmer; fully automated identification of sensitive operations is beyond the current state of the art.

Given knowledge of which operations are sensitive, as well as which specific security checks must be enforced for each operation, an automated tool could reasonably enforce the invariant that the sensitive operations are invoked only from contexts where the required security checks have been performed.
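As an added example (not code from the CERT page or from Parasoft), the following class performs the SecurityManager check before getting or setting a sensitive field, which is the invariant described above; the permission class, the field and all names are hypothetical.

```java
import java.security.BasicPermission;
import java.security.Permission;

// Hypothetical permission that guards access to the sensitive field.
final class ConfigAccessPermission extends BasicPermission {
    ConfigAccessPermission(String name) {
        super(name);
    }
}

public final class SensitiveConfig {
    private static final Permission READ  = new ConfigAccessPermission("readKey");
    private static final Permission WRITE = new ConfigAccessPermission("writeKey");

    // Constructed sample value; in practice this would be loaded from protected storage.
    private String apiKey = "constructed-sample-key";

    // Single choke point: every sensitive accessor consults the installed
    // SecurityManager before touching the field.
    private static void check(Permission p) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Throws SecurityException when the caller's protection domain lacks p.
            sm.checkPermission(p);
        }
    }

    public String getApiKey() {
        check(READ);
        return apiKey;
    }

    public void setApiKey(String newKey) {
        check(WRITE);
        apiKey = newKey;
    }

    // Noncompliant shape the rule flags, shown for contrast only:
    // public void setApiKeyUnchecked(String newKey) { apiKey = newKey; }

    public static void main(String[] args) {
        SensitiveConfig cfg = new SensitiveConfig();
        try {
            cfg.setApiKey("rotated");
            System.out.println("write allowed (no SecurityManager installed, or permission granted)");
        } catch (SecurityException e) {
            System.out.println("write denied: " + e.getMessage());
        }
    }
}
```

Note that SecurityManager is deprecated for removal since Java 17 (JEP 411), so with no manager installed the guard is a no-op and the check should be treated as defense in depth rather than the sole access control.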

Tool            Version     Checker           Description
Parasoft Jtest  9.5         SECURITY.WSC.SCF  Implemented
Parasoft Jtest  Parasoft_V  CERT.SEC04.SCF    Enforce 'SecurityManager' checks before setting or getting fields

Android Implementation Details

The java.security package exists on Android for compatibility purposes only, and it should not be used.

Bibliography

...
