Chapter 18. Miscellaneous (MSC)
Rules
Risk Assessment Summary
MSC00-J. Use SSLSocket
rather than Socket
for secure data exchange
Programs must use the javax.net.ssl.SSLSocket
class rather than the java.net.Socket
class when transferring sensitive data over insecure communication channels. The class SSLSocket
provides security protocols such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure that the channel is not vulnerable to eavesdropping and malicious tampering.
The principal protections included in SSLSocket
that are not ...
Get The CERT® Oracle® Secure Coding Standard for Java™ now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.