This is the first authoritative, comprehensive compilation of code-level requirements for building secure systems in Java. Organized by CERT's pioneering software security experts, with support from Oracle's own Java platform developers, it covers every facet of secure software coding with Java 7 SE and Java 6 SE, and offers value even to developers working with other Java versions. The authors itemize the most common coding errors leading to vulnerabilities in Java programs, and provide specific guidelines for avoiding each of them. They show how to produce programs that are not only secure, but also safer, more reliable, more robust, and easier to maintain.

After a high-level introduction to Java application security, eighteen consistently organized chapters detail specific guidelines for each facet of Java development. Each set of guidelines defines conformance, presents both non-compliant examples and corresponding compliant solutions, shows how to assess risk, and offers references for further information.

To limit this book's size, the authors focus on "normative requirements": strict rules for what programmers must do for their work to be secure, as defined by conformance to specific standards that can be tested through automated analysis software. (Note: A follow-up book will present "non-normative requirements": recommendations for what Java developers typically "should" do to further strengthen program security beyond testable "requirements.")
The CERT® Oracle® Secure Coding Standard for Java (SEI Series in Software Engineering)
- Authors: Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
- ISBN: 0321803957
- Published: 26 Sep 2011