The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to rules in the Platform Security (SEC) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a...
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that ...
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypas...
The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper clas...
Deprecated or Obsolete
CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" pu...