The CERT Oracle Secure Coding Standard for Java, 1e
Thumbnail 1

The CERT Oracle Secure Coding Standard for Java, 1e

4.5/5
产品编号: 87077217
安全交易
经常一起购买

描述

The CERT Oracle Secure Coding Standard for Java, 1e

评论

4.5

全部来自已验证的购买

M**I

Excellent book

A must read

M**G

Does what is says on the cover

Massive detail, a little dull but that's the nature of the subject :)

J**B

Good resoure for Java architects, developers, and application security auditors

"The CERT Oracle Secure Coding Standard for Java" is a thoroughly researched and authoritative guide to secure coding in Java. It specifically focuses on Java SE 6 and some of the features of Java SE 7, so don't look for coverage of security best practices for Java EE and certainly not for web application security issues that target aspects of HTTP, HTML, or JavaScript (e.g., Cross-Site Scripting, Cross-Site Request Forgery, etc.). The book actually goes beyond guidance for coding a secure application, providing insight into building a solid, high quality application. Indeed, in the Preface it notes that the goal of the rules is to help developers build "higher quality systems that are safe, secure, reliable, dependable, robust, resilient, available, and maintainable".The coding standards are provided as a clearly documented set of rules, each one including some summary information about the rule, code examples of the rule not being followed as well as code that does follow the rule, enumerated exceptions where it's permissible to deviate from the rule, and lastly a risk assessment of the vulnerability that arises when you don't follow the rule. The list of rules is extensive, so the authors have helpfully grouped them into the following categories:* Input Validation and Data Sanitization* Declarations and Initialization* Expressions* Numeric Types and Operations* Object Orientation* Methods* Exceptional Behavior (i.e., proper usage and handling of exceptions)* Visibility and Atomicity* Locking* Thread APIs* Thread Pools* Thread-Safety Miscellaneous* Input Output* Serialization* Platform Security* Runtime Environment* MiscellaneousThis presentation format lends itself to a very organized and comprehensive treatment of the subject, but doesn't make it the type of book that you can easily read from cover to cover. It would be fair to say that it reads more like a reference book that's tremendously useful when you're interested in practical secure Java coding practices for a specific area rather than as a training guide. Before finding that specific topic of interest, however, it would be wise to read the excellent introductory chapter. The introduction provides overviews of each of the principle sources of vulnerabilities in Java applications: misplaced trust; injection attacks (including a very helpful explanation of the appropriate use and sequencing of validation, sanitization, canonicalization, and normalization); leaking sensitive data; leaking capabilities; denial of service; serialization; concurrency, visibility, and memory; security managers; and class loaders.It's also important to note that many of the rules focus on how to write mobile code that can be safely executed in untrusted systems or how to use untrusted mobile code on trusted systems. In these cases, the attacker is writing code that interacts with your code and takes advantage of vulnerabilities you have left by not following the prescribed rules. This attacker context is quite different from that of an external hacker trying to take advantage of flaws in a web site, for example.Although the book is probably best used as a reference guide in which you'll seek out a topic of interest rather than read from front to back, it's undeniably a highly valuable contribution to the topic of secure Java coding. As such, it's a useful addition to the bookshelves of Java architects, developers, and application security auditors.

L**A

Refernence Material

Nice reference material, but not very useful for the average developer. It has an small introductory chapter on secure coding practices and the remaining of the book is a list of common vulnerabilities and a short advise on how to avoid them, but it lacks details on how to identify and address them or on how the developers should change their programming practices to avoid introducing them in the first place. If you are looking for a book to help you code secure applications, you should look somewhere else.

P**K

Great Content

Well-written book. Serves its purpose that my team is using it for. Every sprint they choose new security standards to address (and automate) and this book is a big help in that regard. Easy to dissect and find useful information.

常见问题

TrustPilot

TrustScore 4.5 | 7,300多个评论

Ayesha M.

产品与描述完全相符。对我的购买非常满意。

5天前

维克拉姆·D.

MOLLE 护套质量非常好。我对这次购买非常满意。

2 周前

全球购物,通过 Desertcart 享受优惠
物有所值
各种产品的价格具有竞争力
全球购物
为 100 多个国家的数百万购物者提供服务
增强保护
深受全球购物者喜爱的值得信赖的支付方式
客户保证
深受全球购物者喜爱的值得信赖的支付方式。
沙漠车应用程序
随时随地随时随地购物。
MOP$47

关税和税费包括

Macau店铺
1
免运费

with PRO Membership

免费退货

30天对于 PRO 会员用户

15天无会员资格

安全交易

TrustPilot

TrustScore 4.5 | 7,300多个评论

Anjali K.

产品质量出色。正是我的工作所需要的。

1 个月前

阿卜杜拉·B.

正品,价格实惠。国际送货也很快!

3 周前

The Cert Oracle Secure Coding Standard For Java 1e | Desertcart Macau