Page Information

Title:	Rec. AA. References
Author:	Fred Long	Sep 14, 2007
Last Changed by:	Matthew Churilla	Dec 20, 2019
Tiny Link: (useful for email)	https://wiki.sei.cmu.edu/confluence/x/ijZGBQ
Export As:	Word · PDF

Incoming Links

SEI CERT Oracle Coding Standard for Java (81)
Page: Rec. Preface
Page: MET51-J. Do not use overloaded methods to differentiate between runtime types
Page: MSC61-J. Do not use insecure or weak cryptographic algorithms
Page: MSC63-J. Ensure that SecureRandom is properly seeded
Page: MSC60-J. Do not use assertions to verify the absence of runtime errors
Page: OBJ50-J. Never confuse the immutability of a reference with that of the referenced object
Page: DCL57-J. Avoid ambiguous overloading of variable arity methods
Page: MSC52-J. Finish every set of statements associated with a case label with a break statement
Page: Rec.: All Guidelines with Classification
Page: OBJ51-J. Minimize the accessibility of classes and their members
Page: SEC53-J. Define custom security permissions for fine-grained security
Page: SEC54-J. Create a secure sandbox using a security manager
Page: Rec.: Priority and Levels
Page: OBJ55-J. Remove short-lived objects from long-lived container objects
Page: MSC55-J. Use comments consistently and in a readable fashion
Page: FIO53-J. Use the serialization methods writeUnshared() and readUnshared() with care
Page: MET52-J. Do not use the clone() method to copy untrusted method parameters
Page: OBJ54-J. Do not attempt to help the garbage collector by setting local reference variables to null
Page: ERR50-J. Use exceptions only for exceptional conditions
Page: ERR52-J. Avoid in-band error indicators
Page: EXP52-J. Use braces for the body of an if, for, or while statement
Page: SEC57-J. Do not let untrusted code misuse privileges of callback methods
Page: MSC58-J. Prefer using iterators over enumerations
Page: MSC62-J. Store passwords using a hash function
Page: OBJ53-J. Do not use direct buffers for short-lived, infrequently used objects
Page: EXP50-J. Do not confuse abstract object equality with reference equality
Page: SEC56-J. Do not serialize direct handles to system resources
Page: MSC54-J. Avoid inadvertent wrapping of loop counters
Page: SEC52-J. Do not expose methods that use reduced-security checks to untrusted code
Page: EXP55-J. Use the same type for the second and third operands in conditional expressions
Page: MET54-J. Always provide feedback about the resulting value of a method
Page: CON51-J. Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics
Page: Rec.: Scope
Page: EXP53-J. Use parentheses for precedence of operation
Page: MSC57-J. Strive for logical completeness
Page: DCL56-J. Do not attach significance to the ordinal associated with an enum
Page: IDS53-J. Prevent XPath Injection
Page: DCL52-J. Do not declare more than one variable per declaration
Page: FIO52-J. Do not store unencrypted sensitive information on the client side
Page: OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers
Page: Rec.: Tool Selection and Validation
Page: ERR51-J. Prefer user-defined exceptions over more general exception types
Page: EXP51-J. Do not perform assignments in conditional expressions
Page: CON50-J. Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object
Page: DCL55-J. Properly encode relationships in constant definitions
Page: DCL51-J. Do not shadow or obscure identifiers in subscopes
Page: OBJ13-J. Ensure that references to mutable objects are not exposed
Page: IDS52-J. Prevent code injection
Page: ERR54-J. Use a try-with-resources statement to safely handle closeable resources
Page: OBJ01-J. Limit accessibility of fields
Page: IDS51-J. Properly encode or escape output
Page: OBJ52-J. Write garbage-collection-friendly code
Page: DCL60-J. Avoid cyclic dependencies between packages
Page: MSC56-J. Detect and remove superfluous code and values
Page: FIO51-J. Identify files using multiple file attributes
Page: NUM51-J. Do not assume that the remainder operator always returns a nonnegative result for integral operands
Page: DCL54-J. Use meaningful symbolic constants to represent literal values in program logic
Page: DCL58-J. Enable compile-time type checking of variable arity parameter types
Page: SEC51-J. Minimize privileged code
Page: MET53-J. Ensure that the clone() method calls super.clone()
Page: Rec. BB. Definitions
Page: NUM52-J. Be aware of numeric promotion behavior
Page: IDS56-J. Prevent arbitrary file upload
Page: DCL50-J. Use visually distinct identifiers
Page: EXP54-J. Understand the differences between bitwise and logical operators
Page: MET50-J. Avoid ambiguous or confusing uses of overloading
Page: NUM50-J. Convert integers to floating point for floating-point operations
Page: ERR53-J. Try to gracefully recover from system errors
Page: OBJ57-J. Do not rely on methods that can be overridden by untrusted code
Page: IDS55-J. Understand how escape characters are interpreted when strings are loaded
Page: MET55-J. Return an empty array or collection instead of a null value for methods that return an array or collection
Page: IDS54-J. Prevent LDAP injection
Page: CON52-J. Document thread-safety and use annotations where applicable
Page: DCL53-J. Minimize the scope of variables
Page: MSC59-J. Limit the lifetime of sensitive data
Page: MET56-J. Do not use Object.equals() to compare cryptographic keys
Page: MSC53-J. Carefully design interfaces before releasing them
Page: DCL59-J. Do not apply public final to constants whose value might change in later releases
Page: SEC50-J. Avoid granting excess privileges
Page: MSC50-J. Minimize the scope of the @SuppressWarnings annotation
Page: FIO50-J. Do not make assumptions about file creation

Hierarchy

Parent Page
Page: 4 Back Matter

Labels

Global Labels (2)

Recent Changes

Time	Editor
Dec 20, 2019 08:25	Matthew Churilla	View Changes
Add ASVS NIST800-63
Oct 18, 2016 09:51	David Svoboda	View Changes
Mar 04, 2016 08:36	David Svoboda	View Changes
Mar 05, 2015 08:51	Sandy Shrum	View Changes
Sep 24, 2014 11:51	Carol J. Lallier