The CERT Oracle Secure Coding Standard for Java
September 2011 • Book
In this book, the authors provide the first comprehensive compilation of code-level requirements for building secure systems in Java.
This is the first authoritative, comprehensive compilation of code-level requirements for building secure systems in Java. Organized by CERT's pioneering software security experts, with support from Oracle's own Java platform developers, it covers every facet of secure software coding with Java 7 SE and Java 6 SE, and offers value even to developers working with other Java versions. The authors itemize the most common coding errors leading to vulnerabilities in Java programs, and provide specific guidelines for avoiding each of them. They show how to produce programs that are not only secure, but also safer, more reliable, more robust, and easier to maintain. After a high-level introduction to Java application security, eighteen consistently organized chapters detail specific guidelines for each facet of Java development. Each set of guidelines defines conformance, presents both non-compliant examples and corresponding compliant solutions, shows how to assess risk, and offers references for further information. To limit this book's size, the authors focus on "normative requirements": strict rules for what programmers must do for their work to be secure, as defined by conformance to specific standards that can be tested through automated analysis software. (Note: A follow-up book will present "non-normative requirements": recommendations for what Java developers typically "should" do to further strengthen program security beyond testable "requirements.")