The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering)
About the Author
Fred Long is a senior lecturer and director of learning and teaching in the Department of Computer Science, Aberystwyth University in the United Kingdom. He lectures on formal methods; Java, C++, and C programming paradigms and programming-related security issues. He is chairman of the British Computer Society’s Mid-Wales Sub-Branch. Fred has been a Visiting Scientist at the Software Engineering Institute since 1992. Recently, his research has involved the investigation of vulnerabilities in Java.
Dhruv Mohindra is a senior software engineer at Persistent Systems Limited, India, where he develops monitoring software for widely used enterprise servers. He has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv has also worked for Carnegie Mellon University, where he obtained his master of science degree in information security policy and management. He holds an undergraduate degree in computer engineering from Pune University, India, where he researched with Calsoft, Inc., during his academic pursuit. A writing enthusiast, Dhruv occasionally contributes articles to technology magazines and online resources. He brings forth his experience and learning from developing and securing service oriented applications, server monitoring software, mobile device applications, web-based data miners, and designing user-friendly security interfaces.
Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering. Robert manages the Secure Coding Initiative at CERT, located in Carnegie Mellon’s Software Engineering Institute in Pittsburgh, Pennsylvania. CERT, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute. Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert has a bachelor’s degree in computer science from Rensselaer Polytechnic Institute.
Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R&D group, was a key instigator of the design and deployment of a new software development process for Tartan, led R&D projects, and provided both technical and project leadership for the 12-person compiler back-end group.
David Svoboda is a software security engineer at CERT. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production use at Caterpillar. He has over 13 years of Java development experience, starting with Java 2, and his Java projects include Tomcat servlets and Eclipse plug-ins. David is also actively involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/SC22/WG21 group for C++.
Product details
Series: SEI Series in Software Engineering
Paperback: 744 pages
Publisher: Addison-Wesley Professional; 1 edition (September 18, 2011)
Language: English
ISBN-10: 9780321803955
ISBN-13: 978-0321803955
ASIN: 0321803957
Product Dimensions: 7 x 1.5 x 9.1 inches
Shipping Weight: 2.4 pounds
Average Customer Review: 4.0 out of 5 stars (8 customer reviews)
Amazon Best Sellers Rank: #1,225,478 in Books
"The CERT Oracle Secure Coding Standard for Java" is a thoroughly researched and authoritative guide to secure coding in Java. It specifically focuses on Java SE 6 and some of the features of Java SE 7, so don't look for coverage of security best practices for Java EE and certainly not for web application security issues that target aspects of HTTP, HTML, or JavaScript (e.g., Cross-Site Scripting, Cross-Site Request Forgery, etc.). The book actually goes beyond guidance for coding a secure application, providing insight into building a solid, high quality application. Indeed, in the Preface it notes that the goal of the rules is to help developers build "higher quality systems that are safe, secure, reliable, dependable, robust, resilient, available, and maintainable".The coding standards are provided as a clearly documented set of rules, each one including some summary information about the rule, code examples of the rule not being followed as well as code that does follow the rule, enumerated exceptions where it's permissible to deviate from the rule, and lastly a risk assessment of the vulnerability that arises when you don't follow the rule. The list of rules is extensive, so the authors have helpfully grouped them into the following categories:* Input Validation and Data Sanitization* Declarations and Initialization* Expressions* Numeric Types and Operations* Object Orientation* Methods* Exceptional Behavior (i.e., proper usage and handling of exceptions)* Visibility and Atomicity* Locking* Thread APIs* Thread Pools* Thread-Safety Miscellaneous* Input Output* Serialization* Platform Security* Runtime Environment* MiscellaneousThis presentation format lends itself to a very organized and comprehensive treatment of the subject, but doesn't make it the type of book that you can easily read from cover to cover. 
It would be fair to say that it reads more like a reference book that's tremendously useful when you're interested in practical secure Java coding practices for a specific area rather than as a training guide. Before finding that specific topic of interest, however, it would be wise to read the excellent introductory chapter. The introduction provides overviews of each of the principle sources of vulnerabilities in Java applications: misplaced trust; injection attacks (including a very helpful explanation of the appropriate use and sequencing of validation, sanitization, canonicalization, and normalization); leaking sensitive data; leaking capabilities; denial of service; serialization; concurrency, visibility, and memory; security managers; and class loaders.It's also important to note that many of the rules focus on how to write mobile code that can be safely executed in untrusted systems or how to use untrusted mobile code on trusted systems. In these cases, the attacker is writing code that interacts with your code and takes advantage of vulnerabilities you have left by not following the prescribed rules. This attacker context is quite different from that of an external hacker trying to take advantage of flaws in a web site, for example.Although the book is probably best used as a reference guide in which you'll seek out a topic of interest rather than read from front to back, it's undeniably a highly valuable contribution to the topic of secure Java coding. As such, it's a useful addition to the bookshelves of Java architects, developers, and application security auditors.
Nice reference material, but not very useful for the average developer. It has a small introductory chapter on secure coding practices and the remainder of the book is a list of common vulnerabilities and short advice on how to avoid them, but it lacks details on how to identify and address them or on how the developers should change their programming practices to avoid introducing them in the first place. If you are looking for a book to help you code secure applications, you should look somewhere else.
Well-written book. Serves its purpose that my team is using it for. Every sprint they choose new security standards to address (and automate) and this book is a big help in that regard. Easy to dissect and find useful information.
Got a chance to read this book over the weekend. Positive: Code snippets for each scenario. Most of the security issues are the ones we generally practice on a day-to-day basis. This is a good book to have for thread-related issues.
It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products. Aside from the fact that unbreakable only refers to the enterprise kernel, Oracle still can have significant security flaws. Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely. With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits. The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic. The book includes various rules and recommended practices for secure programming for Java SE6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0. The book also covers the most common coding errors that lead to Java vulnerabilities and details how they can be avoided. For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without. The first 100 pages of the book are available here. After reading it, you will be likely to want to see the next 650 pages.