Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
2 Rules
Rule 14. Serialization (SER)
SER03-J. Do not serialize unencrypted sensitive data
Page Information
Title:
SER03-J. Do not serialize unencrypted sensitive data
Author:
Dhruv Mohindra
Jun 30, 2008
Last Changed by:
Jon O'Donnell
Aug 06, 2021
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/JjdGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (4)
Page:
SER06-J. Make defensive copies of private mutable components during deserialization
Page:
SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
Page:
SER02-J. Sign then seal objects before sending them outside a trust boundary
Page:
SER04-J. Do not allow serialization and deserialization to bypass the security manager
Hierarchy
Parent Page
Page:
Rule 14. Serialization (SER)
Labels
Global Labels (6)
sensitive
ser
android-applicable
android
rule
analyzable
Recent Changes
Time
Editor
Aug 06, 2021 09:30
Jon O'Donnell
View Changes
May 18, 2021 08:47
Michal Rozenau
View Changes
Parasoft Jtest 2021.1
Feb 26, 2021 09:45
Michal Rozenau
View Changes
Parasoft Jtest 2020.2
Feb 12, 2018 22:02
Will Snavely
View Changes
Jan 05, 2017 14:54
Will Snavely
View Page History
Outgoing Links
External Links (5)
cwe.mitre.org/
cwe.mitre.org/data/definitions/499.html
java.sun.com/developer/technicalArticles/Programming/serial…
cwe.mitre.org/data/definitions/502.html
www.oracle.com/technetwork/java/seccodeguide-139067.html
SEI CERT Oracle Coding Standard for Java (14)
Page:
SER02-J. Sign then seal objects before sending them outside a trust boundary
Page:
CodeSonar_V
Page:
SER04-J. Do not allow serialization and deserialization to bypass the security manager
Page:
Rule BB. Glossary
Page:
Coverity
Home page:
SEI CERT Oracle Coding Standard for Java
Page:
OBJ11-J. Be wary of letting constructors throw exceptions
Page:
Parasoft_V
Page:
SER00-J. Enable serialization compatibility during class evolution
Page:
Rule 14. Serialization (SER)
Page:
Parasoft
Page:
Rule AA. References
Page:
SER01-J. Do not deviate from the proper signatures of serialization methods
Page:
MSC07-J. Prevent multiple instantiations of singleton objects
SEI CERT C Coding Standard (1)
Page:
CodeSonar
Overview
Content Tools
{"serverDuration": 87, "requestCorrelationId": "aee5b48ed2f8ec50"}
