Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

by Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland
     
 

View All Available Formats & Editions

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”

–Mary Ann

…  See more details below

Overview

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”

–Mary Ann Davidson, Chief Security Officer, Oracle Corporation

Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands.

Written by the same team that brought you The CERT® Oracle ® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.

You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.

Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.

With a Foreword by James A. Gosling, Father of the Java Programming Language

Read More

Editorial Reviews

From the Publisher

"This set of Java™ Coding Guidelines , a follow-on to the earlier The CERT® Oracle Secure Coding Standard for Java ™, is invaluable. This book could almost be retitled Reliable Java™ Coding Guidelines. One of the things that has struck me over the years is the interplay between reliability and security. There are all sorts of explicit security tools—cryptography, authentication, and others—but most break-ins are exploitations of bugs: coding that was badly done or that was insufficiently defensive. Building a reliable system is, in many ways, equivalent to building a secure system. The work you do in reliability pays off in security, and vice versa.

"This book highlights the fact that security is not a feature; it is an attitude toward taking due care at every point. It should be a continuous part of every software engineer’s design thought process. It is organized around a list of guidelines. The meat of the book is the subtlety behind them. For example, “Store passwords using a hash function” appears to be a very basic and obvious point, and yet there are regular news articles about major data breaches just because some software engineer wasn’t thinking. Getting it right is tricky: there are a lot of details for the devil to hide in. This book is full of excellent guidance for dealing with those details."
—James A. Gosling

Product Details

ISBN-13:
9780321933157
Publisher:
Addison-Wesley
Publication date:
09/13/2013
Series:
SEI Series in Software Engineering Series
Pages:
304
Sales rank:
943,604
Product dimensions:
6.90(w) x 9.00(h) x 0.70(d)

Related Subjects

Meet the Author

Fred Long is a senior lecturer in the Department of Computer Science, Aberystwyth University, in the United Kingdom. He is chairman of the British Computer Society’s Mid-Wales Branch. Fred has been a visiting scientist at the Software Engineering Institute (SEI) since 1992. Recently, his research has involved the investigation of vulnerabilities in Java. Fred is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

Dhruv Mohindra is a technical lead in the security practices group that is part of the CTO’s office at Persistent Systems Limited, India, where he provides information security consulting solutions across various technology verticals such as cloud, collaboration, banking and finance, telecommunications, enterprise, mobility, life sciences, and health care. Dhruv has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

Robert C. Seacord is the Secure Coding Initiative technical manager in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the School of Computer and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008), and is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012), and Secure Coding in C and C++ (Addison-Wesley, 2013).

Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. Dean is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

David Svoboda is a software security engineer at CERT/SEI. He also maintains the CERT Secure Coding standard websites for Java, as well as C, C++, and Perl. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). David is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >