The CERT Oracle Secure Coding Standard for Java


The only comprehensive set of guidelines for secure Java programming, from the field's leading organizations, CERT and Oracle
• Authoritative, end-to-end code-level requirements for building secure systems with any recent version of Java, including the new Java 7
• Presents techniques that also improve safety, reliability, dependability, robustness, availability, maintainability, and other attributes of quality.
• Includes extensive risk assessment guidance, plus references for further information.

This is the first authoritative, comprehensive compilation of code-level requirements for building secure systems in Java. Organized by CERT's pioneering software security experts, with support from Oracle's own Java platform developers, it covers every facet of secure software coding with Java 7 SE and Java 6 SE, and offers value even to developers working with other Java versions. The authors itemize the most common coding errors leading to vulnerabilities in Java programs, and provide specific guidelines for avoiding each of them. They show how to produce programs that are not only secure, but also safer, more reliable, more robust, and easier to maintain. After a high-level introduction to Java application security, eighteen consistently organized chapters detail specific guidelines for each facet of Java development. Each set of guidelines defines conformance, presents both noncompliant examples and corresponding compliant solutions, shows how to assess risk, and offers references for further information. To limit this book's size, the authors focus on 'normative requirements': strict rules for what programmers must do for their work to be secure, as defined by conformance to specific standards that can be tested through automated analysis software.

(Note: A follow-up book will present 'non-normative requirements': recommendations for what Java developers typically 'should' do to further strengthen program security beyond testable 'requirements.')

Excerpts from the book's text: final class Foo { private final AtomicReference<Helper> helperRef = new AtomicReference<Helper>(); public Helper ... Risk Assessment: The incorrect assumption that classes that contain only references to immutable objects are ... Expressions that include postfix or prefix increment (++), postfix or prefix decrement (--), or compound assignment operators always result in compound operations.

Title: The CERT Oracle Secure Coding Standard for Java
Author: Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
Publisher: Addison-Wesley Professional, 2012
