| By Tad Anderson | Article Rating: |
|
| December 9, 2011 10:00 AM EST | Reads: |
1,525 |
| I really like the CERT books. This one is no different, however, it is not one to read from cover to cover, at least not for me. It contains a catalog of rules for programming secure java code. What I have been doing is using it to look up rules about topics found in other resources that I have been using to learn the java environment. Although the book contains a great index, there is an online version of this book which is really nice. It contains a really sweet search. I have been using that a lot to find the topics I am interested in, marking them in the book, and then reading about them in the book. The online version of the book contains all the code samples found in the book. The is a nice introduction that you will want to completely read. It gives a really nice overview of java programming security issues and introduces the concepts that can make it safer. The concepts in this chapter introduce the chapters that contain the details rules. After the introduction the book contains the following chapters. Input Validation and Data Sanitization, Declarations and Initialization, Expressions, Numeric Types and Operations, Object Orientation, Methods, Exceptional Behavior, Visibility and Atomicity, Locking, Thread APIs, Thread Pools, Thread-Safety Miscellaneous, Input Output, Serialization, Platform Security, Runtime Environment, and Miscellaneous. There are a ton of nice code samples which show the commonly implemented noncompliant solutions and then the compliant solutions. I mentioned above they are all available online. Although there is a free online version, I am not one to read e-books or anything on the computer I don't have to. I am on it way too much to want to read on it when I don't have to. I find the author's writing style makes the book an easy read. It is also in a very nice format. Each chapter starts with a list of the rules it covers and a risk assessment summary. They then cover the rules and end with related guidelines and bibliography. The thing I like most about the book is that although it makes it clear that it does not cover Design and Architecture, Content, Coding style, Tools, and Controversial Rules, I still believe all these areas will improve if you use the advice found in book. All in all I highly recommend this book to every Java programmer. |
The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering) |
CIO, CTO & Developer Resources
Published December 9, 2011 Reads 1,525
Copyright © 2011 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
Related Stories
- Five Years Waiting for JRE 7: Is It Justified? (Part 1)
- Book Review: The CERT Oracle Secure Coding Standard for Java
- soapUI Wins Best Open Source Web Services Test Tool - ATI Honors
- China suppliers of mobile phones expand range with more smartphone and 3G models
- Government Big Data Solutions Award Nominee: Wayne Wheeles (Sherpa Surfing)
- Load testing the post office
- Aldec und SynthWorks bieten Randomisierungs- und Funktionsabdeckungskapazitäten mit OS-VVM™ für VHDL-Designer
- Five Years Waiting for JRE 7: Is It Justified? (Part 1)
- Announcing Rapid Protect - A Comprehensive Mobile Application Geared to Address the Safety and Security Needs of the Families Worldwide
- Book Review: The CERT Oracle Secure Coding Standard for Java
- Bacula Systems lance une fonction de restauration Linux à froid
- Group FMG Opens State-of-the-Art Global Operations and Technology Center of Excellence (COE) in Chennai, India
- Yocto Project Introduces New Features
- Axis12 Limited Announces Partnership Agreement with Volacci, the Leading Drupal SEO and Internet Marketing Specialists
- [berkman] Yochai Benkler on his new book
- The Linux Foundation Announces Consumer Electronics Long Term Stable Kernel Initiative
- MontaVista and Black Duck Announce Partnership to Provide Open Source Code Management Solutions to the Automotive Market
- soapUI Wins Best Open Source Web Services Test Tool - ATI Honors
- Black Hat Abu Dhabi Offering Ten Intensive Hands on Training Courses Including New Courses on Mobile Hacking and PHP Security
- Java Developer's Journal Exclusive: 2006 "JDJ Editors' Choice" Awards
- The i-Technology Right Stuff
- Creating Web Applications with the Eclipse Web Tools Project
- Eclipse Special: Remote Debugging Tomcat & JBoss Apps with Eclipse
- The Next Programming Models, RIAs and Composite Applications
- Where Are RIA Technologies Headed in 2008?
- SYS-CON Webcast: Eclipse IDE for Students, Useful Eclipse Tips & Tricks
- How to Bring Eclipse 3.1, J2SE 5.0, and Tomcat 5.0 Together
- Eclipse: The Story of Web Tools Platform 0.7
- "Eclipse 3.0 is a Great Leap Forward," Says JDJ's Dudney
- Developing an Eclipse BIRT Report Item Extension
- The Top 250 Players in the Cloud Computing Ecosystem


































