Goodreads helps you keep track of books you want to read.

Start by marking “The Cert Oracle Secure Coding Standard for Java” as Want to Read:

Other editions

Enlarge cover

Rate this book

Clear rating

1 of 5 stars 2 of 5 stars 3 of 5 stars 4 of 5 stars 5 of 5 stars

Open Preview

The Cert Oracle Secure Coding Standard for Java

by Fred Long

really liked it 4.0 · Rating Details · 1 Rating · 1 Review

"In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. "The Secure(R) Coding(R) Standard for Java(TM)" is a com
"In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. "The Secure(R) Coding(R) Standard for Java(TM)" is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff." --James A. Gosling, Father of the Java Programming Language An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer's familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes). "The CERT(R) Oracle(R) Secure Coding Standard for Java(TM)" provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard's guidelines will lead to higher-quality systems-robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java-for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics. After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation. The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java's APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP. ...more

ebook, 733 pages

Published September 6th 2011 by Addison-Wesley Professional (first published September 1st 2011)

More Details... edit details

Get a copy:

Or buy for

Friend Reviews

To see what your friends thought of this book, please sign up.

Reader Q&A

To ask other readers questions about The Cert Oracle Secure Coding Standard for Java, please sign up.

Be the first to ask a question about The Cert Oracle Secure Coding Standard for Java

Lists with This Book

This book is not yet featured on Listopia. Add this book to your favorite list »

Community Reviews

(showing 1-5 of 5)

filter | sort: default (?) | Rating Details

Nov 20, 2011 Jeanne Boyarsky rated it really liked it

Shelves: technology

"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example calling string.replace() and ignoring the result is incorrect. However it is a quality issue. I'm not convinced the relationship to security.

In any case, the practices are excellent. They are clearly documented in the form of:
attack/flaw
bad code example ...more

flag Like · see review

Stelian marked it as to-read
Nov 24, 2014

Ramakanth marked it as to-read
Sep 09, 2014

Praveen marked it as to-read
Jul 23, 2014

Pırıl added it
Dec 18, 2013

new topic
Discuss This Book

There are no discussion topics on this book yet. Be the first to start one »

Recommend It | Stats | Recent Status Updates

Books by Fred Long

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

Tales from One Blade of Grass: (A Memoir)

Software Engineering Environments: International Workshop on Environments, Chinon, France, September 18-20, 1989. Proceedings (Lecture Notes in Computer Science)

More…

Share This Book

+ Share on your website

Trivia About The Cert Oracle S...

No trivia or quizzes yet. Add some now »

title link	preview: The Cert Oracle Secure Coding Standard for Java
avg rating	preview: The Cert Oracle Secure Coding Standard for Java Goodreads rating: 4.00 (1 ratings)
small image	preview: click here [close]
med image	preview: click here [close]
BBCode	[url=https://www.goodreads.com/book/show/12649868-the-cert-oracle-secure-coding-standard-for-java?utm_medium=api&utm_source=blog_book][img]https://d.gr-assets.com/books/1347797137l/12649868.jpg[/img][/url] [url=https://www.goodreads.com/book/show/12649868-the-cert-oracle-secure-coding-standard-for-java?utm_medium=api&utm_source=blog_book]The Cert Oracle Secure Coding Standard for Java by Fred Long[/url]

See a Problem?

Preview — The Cert Oracle Secure Coding Standard for Java by Fred Long

The Cert Oracle Secure Coding Standard for Java

Friend Reviews

Reader Q&A

Lists with This Book

Community Reviews

new topic
Discuss This Book

Books by Fred Long

Share This Book

Share on your website

Trivia About The Cert Oracle S...

See a Problem?

Preview — The Cert Oracle Secure Coding Standard for Java by Fred Long

The Cert Oracle Secure Coding Standard for Java

Friend Reviews

Reader Q&A

Lists with This Book

Community Reviews

new topicDiscuss This Book

Books by Fred Long

Share This Book

Share on your website

Trivia About The Cert Oracle S...

new topic
Discuss This Book