The CERT® Oracle® Secure Coding Standard for Java (SEI by Fred Long

By Fred Long

A necessary part of safe coding within the Java programming language is a well-documented and enforceable coding regular. Coding criteria motivate programmers to stick to a uniform algorithm made up our minds via the necessities of the venture and association, instead of through the programmer’s familiarity or choice. as soon as tested, those criteria can be utilized as a metric to judge resource code (using guide or automatic processes).
The CERT® Oracle® safe Coding general for Java™ offers ideas designed to get rid of insecure coding practices which can result in exploitable vulnerabilities. program of the standard’s instructions will bring about higher-quality systems–robust platforms which are extra proof against assault. Such instructions are required for the wide variety of goods coded in Java–for units corresponding to desktops, video game avid gamers, cell phones, domestic home equipment, and automobile electronics.
After a high-level creation to Java program protection, seventeen regularly geared up chapters aspect particular principles for key parts of Java improvement. for every sector, the authors current noncompliant examples and corresponding compliant options, convey the best way to examine hazard, and supply references for additional info. every one rule is prioritized in response to the severity of outcomes, probability of introducing exploitable vulnerabilities, and value of remediation.
The ordinary presents safe coding ideas for the Java SE 6 Platform together with the Java programming language and libraries, and likewise addresses new gains of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, courses builders within the right use of Java’s APIs and defense structure, and considers defense matters relating normal extension APIs (from the javax package deal hierarchy).The ordinary covers protection concerns appropriate to those libraries: lang, util, Collections, Concurrency Utilities, Logging, administration, mirrored image, usual Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.

Show description

Read Online or Download The CERT® Oracle® Secure Coding Standard for Java (SEI Series in Software Engineering) PDF

Best oracle books

Oracle PL/SQL Programming 4Th Edition

За последние 10 лет книга Oracle PL/SQL Programming издательства O'Reilly's стала бестселлером среди книг по PL/SQL, процедурному языку базы данных Oracle. Снабженная примерами и полезными рекомендациями книнга является незаменимой как новичкам, так и гуру, как разработчикам на Oracle types, так и администраторам - используйте PL/SQL на полную мощь.

Oracle Streams 11g Data Replication

Grasp Oracle Streams 11g Replication let real-time info entry and knowledge sharing throughout your allotted framework utilizing the professional info during this Oracle Press advisor. Oracle Streams 11g facts Replication explains easy methods to arrange and administer a unified company facts sharing infrastructure.

Oracle Application Express 4 Recipes

Oracle software show four Recipes offers an example-based method of studying program convey - the ground-breaking, quick program improvement platform integrated with each Oracle Database license. The recipes layout is perfect for the quick-study who simply desires a great instance or to kick begin their pondering and get pointed within the correct path.

Additional resources for The CERT® Oracle® Secure Coding Standard for Java (SEI Series in Software Engineering)

Example text

When Java was first designed, dealing with security was a key component. And in the years since then, all of the various standard libraries, frameworks, and containers that have been built have had to deal with security too. In the Java world, security is not viewed as an add-on feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn舗t mean that security is assured automatically. A set of standard practices has evolved over the years.

System Qualities Security is one of many system attributes that must be considered in the selection and application of a coding standard. Other attributes of interest include safety, portability, reliability, availability, maintainability, readability, and performance. Many of these attributes are interrelated in interesting ways. For example, readability is an attribute of maintainability; both are important for limiting the introduction of defects during maintenance that can result in security flaws or reliability issues.

Do not use deprecated or obsolete classes or methods MET03-J. Methods that perform a security check must be declared private or final MET04-J. Do not increase the accessibility of overridden or hidden methods MET05-J. Ensure that constructors do not call overridable methods MET06-J. Do not invoke overridable methods in clone() MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface MET08-J. Ensure objects that are equated are equatable MET09-J. Classes that define an equals() method must also define a hashCode() method MET10-J.

Download PDF sample

Rated 4.91 of 5 – based on 20 votes