The CERT Oracle Secure Coding Standard for Java (SEI Series by Fred Long

By Fred Long

 

“In the Java international, defense isn't considered as an add-on a characteristic. it's a pervasive frame of mind. those that disregard to imagine in a safe attitude prove in difficulty. yet simply because the amenities are there doesn’t suggest that defense is guaranteed instantly. a collection of normal practices has developed through the years. The safe® Coding® normal for Java™ is a compendium of those practices. those aren't theoretical study papers or product advertising blurbs. this is often all critical, mission-critical, battle-tested, enterprise-scale stuff.”

James A. Gosling, Father of the Java Programming Language

 

An crucial component of safe coding within the Java programming language is a well-documented and enforceable coding regular. Coding criteria motivate programmers to stick with a uniform algorithm decided through the necessities of the venture and association, instead of by means of the programmer’s familiarity or choice. as soon as proven, those criteria can be utilized as a metric to guage resource code (using guide or automatic processes).

 

The CERT® Oracle® safe Coding normal for Java™ offers ideas designed to cast off insecure coding practices that could result in exploitable vulnerabilities. program of the standard’s guidance will result in higher-quality systems–robust platforms which are extra immune to assault. Such guidance are required for the big variety of goods coded in Java–for units resembling computers, online game avid gamers, cell phones, domestic home equipment, and car electronics.

 

After a high-level creation to Java program safeguard, seventeen regularly equipped chapters element particular ideas for key components of Java improvement. for every region, the authors current noncompliant examples and corresponding compliant ideas, express the right way to verify possibility, and supply references for extra info. each one rule is prioritized in line with the severity of results, chance of introducing exploitable vulnerabilities, and value of remediation.

 

The usual presents safe coding ideas for the Java SE 6 Platform together with the Java programming language and libraries, and likewise addresses new positive aspects of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, courses builders within the right use of Java’s APIs and defense structure, and considers  safeguard issues bearing on average extension APIs (from the javax package deal hierarchy).The typical covers protection concerns appropriate to those libraries: lang, util, Collections, Concurrency Utilities, Logging, administration, mirrored image, average Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.

Show description

Read or Download The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering) PDF

Similar oracle books

Object-Oriented Oracle

Describes accomplished and primary elements of object-oriented info modeling and implementation in Oracle. It discusses the total cycle of database layout utilizing object-oriented thoughts, implementation of object-relational Oracle, and knowledge manipulations utilizing member procedures/functions and object-relational queries.

Beginning PHP and Oracle: From Novice to Professional , 1st Edition

Starting personal home page and Oracle: From amateur to expert deals accomplished info on utilizing the Hypertext Preprocessor scripting language along side Oracles database platform. Hypertext Preprocessor is among the so much sought after open resource applied sciences within the quarter of internet improvement, whereas Oracle is likely one of the most generally deployed and used database items.

The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering)

  “In the Java international, defense isn't seen as an add-on a function. it's a pervasive state of mind. those that disregard to imagine in a safe approach turn out in hassle. yet simply because the amenities are there doesn’t suggest that safety is guaranteed immediately. a suite of ordinary practices has advanced through the years.

Java Programming with Oracle JDBC

JDBC is the main Java expertise for relational database entry. Oracle is arguably the main popular relational database platform in the area. during this booklet, Donald Bales brings those applied sciences jointly, and exhibits you ways to leverage the total strength of Oracle's implementation of JDBC. you start via studying the all-important mysteries of building database connections.

Additional resources for The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering)

Sample text

Rules with a priority in the range of 1 to 4 are level 3 rules, 6 to 9 are level 2, and 12 to 27 are level 1. As a result, it is possible to claim level 1, level 2, or complete compliance (level 3) with a standard by implementing all rules in a level, as shown in Figure P舑1. Figure P舑1. Levels and priority ranges The metric is designed primarily for remediation projects and does not apply to new development efforts that are implemented to the standard. Conformance Testing Software systems can be validated as conforming to The CERTŴ OracleŴ Secure Coding Standard for Java蒂.

Software that complies with this standard provides its users the ability to define fine-grained security policies and safely execute trusted mobile code on untrusted systems or untrusted mobile code on trusted systems. Included Libraries This secure coding standard addresses security issues primarily applicable to the lang and util libraries, as well as to the Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and XML JAXP libraries.

The letter J, which indicates that this is a Java language rule and is included to prevent ambiguity with similar rules in CERT secure coding standards for other languages. Identifiers may be used by static analysis tools to reference a particular rule in a diagnostic message or otherwise used as shorthand for the rule title. System Qualities Security is one of many system attributes that must be considered in the selection and application of a coding standard. Other attributes of interest include safety, portability, reliability, availability, maintainability, readability, and performance.

Download PDF sample

Rated 4.95 of 5 – based on 3 votes