“In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure® Coding® Standard for Java™ is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.”
—James A. Gosling, Father of the Java Programming Language
An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).
The CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.
After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation.
The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java’s APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Ve>Fred Long is a senior lecturer and director of learning and teaching in the Department of Computer Science, Aberystwyth University in the United Kingdom. He lectures on formal methods; Java, C++, and C programming paradigms and programming-related security issues. He is chairman of the British Computer Society’s Mid-Wales Sub-Branch. Fred has been a Visiting Scientist at the Software Engineering Institute since 1992. Recently, his research has involved the investigation of vulnerabilities in Java.
Dhruv Mohindra is a senior software engineer at Persistent Systems Limited, India, where he develops monitoring software for widely used enterprise servers. He has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community.
Dhruv has also worked for Carnegie Mellon University, where he obtained his master of science degree in information security policy and management. He holds an undergraduate degree in computer engineering from Pune University, India, where he researched with Calsoft, Inc., during his academic pursuit.
A writing enthusiast, Dhruv occasionally contributes articles to technology magazines and online resources. He brings forth his experience and learning from developing and securing service oriented applications, server monitoring software, mobile device applications, web-based data miners, and designing user-friendly security interfaces.
Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.
Robert manages the Secure Coding Initiative at CERT, located in Carnegie Mellon’s Software Engineering Institute in Pittsburgh, Pennsylvania. CERT, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute.
Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert has a bachelor’s degree in computer science from Rensselaer Polytechnic Institute.
Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R&D group, was a key instigator of the design and deployment of a new software development process for Tartan, led R&D projects, and provided both technical and project leadership for the 12-person compiler back-end group.
David Svoboda is a software security engineer at CERT. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production use at Caterpillar. He has over 13 years of Java development experience, starting with Java 2, and his Java projects include Tomcat servlets and Eclipse plug-ins. David is also actively involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/ SC22/WG21 group for C++.
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Descrizione libro Softcover. Condizione libro: New. Brand NEW, Paperback International Edition. Black & White or color, Cover and ISBN may be different but similar contents as US editions. Standard delivery takes 3-6 business days by USPS/UPS/Fedex with tracking number. Choose expedited shipping for superfast delivery 2-4 business days. We also ship to PO Box addresses. International Edition Textbooks may bear a label ÔNot for sale in the U.S. or CanadaÕ etc. printed only to discourage U.S. students from obtaining an affordable copy. Legal to use despite any disclaimer on cover as per US court. No access code or CD included unless specified. In some instances, the international textbooks may have different exercises at the end of the chapters. Printed in English. 100% Customer satisfaction guaranteed! Please feel free to contact us for any queries. Codice libro della libreria USINUS-1330
Descrizione libro International Edition. Paperback. Condizione libro: New. International Edition. Very fast shipping. Receive your book in 2-7 business days if you checkout with expedited shipping. We take pride in our customer service, please contact us if you have any questions regarding the listing. Codice libro della libreria in-us-9780321803955
Descrizione libro Condizione libro: Brand New. PAPERBACK,Book Condition New, International Edition. We Do not Ship APO FPO AND PO BOX. Cover Image & ISBN may be different from US edition but contents as US Edition. Printing in English language.NO CD AND ACCESS CODE. Quick delivery by USPS/UPS/DHL/FEDEX/ARAMEX ,Customer satisfaction guaranteed. We may ship the books from Asian regions for inventory purpose. Codice libro della libreria ABEADH##3687
Descrizione libro Paperback. Condizione libro: New. Softcover Book, New Condition, Fast Shipping. Ready in Stock. 1st Edition. [Please Read Carefully Before Buying], This Is An International Edition. Printed In Black and White. 744 Pages, Book Cover And ISBN No May Be Different From US Edition. Restricted Sales Disclaimer Wordings Not For Sales In USA And Canada May Be Printed On The Cover Of The Book. Standard Shipping 7-14 Business Days. Expedited Shiping 4-8 Business Days. ***WE DO NOT ENTERTAIN BULK ORDERS.*** The Books May Be Ship From Overseas For Inventory Purpose. Codice libro della libreria 375537
Descrizione libro Paperback. Condizione libro: New. New, Softcover International Edition, Printed in Black and White, Only USPS Media mail Shipping ONLY, Different ISBN, Same Content As US edition, Book Cover may be Different, in English Language. Codice libro della libreria 24640
Descrizione libro Condizione libro: New. New. International edition. Different ISBN and Cover image but contents are same as US edition. Perfect condition. Customer satisfaction our priority. Codice libro della libreria ABE-FEB-142531
Descrizione libro Condizione libro: Brand New. New. SoftCover International edition. Different ISBN and Cover image but contents are same as US edition. Customer Satisfaction guaranteed!!. Codice libro della libreria SHUB142531
Descrizione libro Condizione libro: Brand New. New, SoftCover International edition. Different ISBN and Cover image but contents are same as US edition. Excellent Customer Service. Codice libro della libreria ABEUSA-142531
Descrizione libro Condizione libro: New. Brand New Paperback International Edition.We Ship to PO BOX Address also. EXPEDITED shipping option also available for faster delivery. Codice libro della libreria AUSBNEW-63471
Descrizione libro Prentice Hall. Condizione libro: New. Brand New. Codice libro della libreria 0321803957