Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book General > Self-Promotions by Authors and Publishers

Notices

Reply
 
Thread Tools Search this Thread
Old 09-30-2011, 11:26 AM   #1
Xenophon
curmudgeon
Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.Xenophon ought to be getting tired of karma fortunes by now.
 
Xenophon's Avatar
 
Posts: 1,453
Karma: 5657812
Join Date: Jun 2006
Location: Pittsburgh, PA USA
Device: Kobo Aura (soon), (soon-to-be-ex)nook, (ex)PRS-700, (ex)PRS-500
The CERT® Oracle® Secure Coding Standard for Java

I've spent waaaay to much time over the past year helping to produce a secure coding standard for Java. It's finally available in printed form. The eBook version is supposed to be DRM-free; I have yet to check whether reality matches what the contract says.

Those Mobilereaders who have a professional interest in Java programming and security will probably find it interesting. For everyone else, it's a sure cure for insomnia. It is, after all, written in standards-ese — a language that may appear to resemble English.

Xenophon

What follows is the publisher's blurb for the book:

“In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The CERT® Oracle® Secure Coding Standard for Java™ is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.”
–James A. Gosling, Father of the Java Programming Language

An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).

The CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.

After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation.

The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java’s APIs and security architecture, and considers
security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.
Xenophon is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Seriously thoughtful Coding Help Requested poohbear_nc Lounge 10 08-24-2010 10:42 AM
Active ID Oracle Oracle Introduce Yourself 5 04-06-2010 07:06 PM
Yay! Have over $80 in change to take to a coinstar machine for an Amazon gift cert! texasnightowl Amazon Kindle 54 10-27-2008 02:13 PM
python coding... alexxxm Sony Reader 8 01-31-2008 12:25 PM
[Apple]Java Embedding Plugin 0.9.2: Force java to run in browsers other than Safari Zire Lounge 4 05-24-2005 09:12 PM


All times are GMT -4. The time now is 03:02 AM.


MobileRead.com is a privately owned, operated and funded community.