Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering), by Fred Long, Dhruv Mohi
“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”
–Mary Ann Davidson, Chief Security Officer, Oracle Corporation
Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands.
Written by the same team that brought you The CERT® Oracle® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.
You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.
Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.
With a Foreword by James A. Gosling, Father of the Java Programming Language
- Sales Rank: #619952 in eBooks
- Published on: 2013-08-23
- Released on: 2013-08-23
- Format: Kindle eBook
Review
"This set of Java™ Coding Guidelines, a follow-on to the earlier The CERT® Oracle Secure Coding Standard for Java™, is invaluable. This book could almost be retitled Reliable Java™ Coding Guidelines. One of the things that has struck me over the years is the interplay between reliability and security. There are all sorts of explicit security tools—cryptography, authentication, and others—but most break-ins are exploitations of bugs: coding that was badly done or that was insufficiently defensive. Building a reliable system is, in many ways, equivalent to building a secure system. The work you do in reliability pays off in security, and vice versa.
"This book highlights the fact that security is not a feature; it is an attitude toward taking due care at every point. It should be a continuous part of every software engineer’s design thought process. It is organized around a list of guidelines. The meat of the book is the subtlety behind them. For example, “Store passwords using a hash function” appears to be a very basic and obvious point, and yet there are regular news articles about major data breaches just because some software engineer wasn’t thinking. Getting it right is tricky: there are a lot of details for the devil to hide in. This book is full of excellent guidance for dealing with those details."
—James A. Gosling
About the Author
Fred Long is a senior lecturer in the Department of Computer Science, Aberystwyth University, in the United Kingdom. He is chairman of the British Computer Society’s Mid-Wales Branch. Fred has been a visiting scientist at the Software Engineering Institute (SEI) since 1992. Recently, his research has involved the investigation of vulnerabilities in Java. Fred is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).
Dhruv Mohindra is a technical lead in the security practices group that is part of the CTO’s office at Persistent Systems Limited, India, where he provides information security consulting solutions across various technology verticals such as cloud, collaboration, banking and finance, telecommunications, enterprise, mobility, life sciences, and health care. Dhruv has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).
Robert C. Seacord is the Secure Coding Initiative technical manager in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the School of Computer and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008), and is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012), and Secure Coding in C and C++ (Addison-Wesley, 2013).
Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. Dean is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).
David Svoboda is a software security engineer at CERT/SEI. He also maintains the CERT Secure Coding standard websites for Java, as well as C, C++, and Perl. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). David is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).
Most helpful customer reviews
6 of 6 people found the following review helpful.
A must read for Java developers... and a great read for other developers!!
By T Anderson
Although this book is written for the Java programmer, I would recommend reading it to any .NET or iOS developer as well. It is a must read for the Java developer, but is also a valuable read for developers of other languages because the guidelines are often built around a programmer's intent.
No matter what language you use most, many of the intentions that are targeted by the guidelines are the same. Do I wish there was a C# and Objective-C version of this book? Heck Yeah!!! But, one of the things that helped me get to a deeper understanding of the guidelines was thinking about where and how they apply to C# and Objective-C. There is Secure Coding in C and C++ (Second Edition) and The CERT C Secure Coding Standard which are both great too.
The guidelines are broken down by chapter. The book also has an appendix that lists all 75 guidelines and whether or not the guideline is applicable to Android development. I have listed the chapters below. I have also included an overview of what the guidelines in the chapters are targeting as described in the introduction to the chapters.
Chapter 1. Security
1. Dealing with sensitive data
2. Avoiding common injection attacks
3. Language features that can be misused to compromise security
4. Details of Java's fine-grained security mechanism
Chapter 2. Defensive Programming
The guidelines in this chapter address areas of the Java language that can help to constrain the effect of an error or help to recover from an error. A good overall principle for defensive programming is simplicity. If a construct turns out to be complicated to implement, consider redesigning or refactoring it to reduce the complexity.
Chapter 3. Reliability
1. Guidelines that help reduce errors, and are consequently important for developing reliable Java code.
2. Guidelines that contain specific Java coding recommendations to improve software reliability
Chapter 4. Program Understandability
Program understandability is the ease with which the program can be understood--that is, the ability to determine what a program does and how it works by reading its source code and accompanying documentation. Some guidelines in this chapter are stylistic in nature; they will help a Java programmer to write clearer, more readable code. Failure to follow these guidelines could result in obscure code and design defects.
Chapter 5. Programmer Misconceptions
1. Misconceptions about Java APIs and language features
2. Assumptions and ambiguity-laced programs
3. Situations in which the programmer wanted to do one thing but ended up doing another
Appendix A: Android
This appendix describes the applicability of the guidelines in this book to developing Java apps for the Android platform.
I really liked the way the chapter on defensive programming brought the goal of simplicity to the forefront. One of the hardest things to do is maintain simplicity when coding. Often times getting through very complex situations ends with a lot of the code being in a state where it can be refactored into much cleaner code.
I find one of the biggest mistakes programmers make is saying they will come back to it later and clean it up. They honestly have the best intention of doing that and sometimes even come back to do that. When they do they realize that the big ball of mud they made just getting the problem resolved will take too much time to relearn. What they had done two weeks prior gets left alone with the thought, it isn't broke, so I'll just leave it. Cleaning it up while it is fresh in your head is what needs to become a habit, otherwise never cleaning up will become your habit.
One of the really nice features of the book is that the authors include references to the rules that apply from The CERT Oracle Secure Coding Standard for Java. All of the rules are available online - just google "CERT Oracle Secure Coding Standard for Java". Once there you just plug the code used in the book into the search and you're taken to the rule. The rule has more information and more code samples.
They also include references back to the online The Java Virtual Machine Specification- Java SE 7 Edition. Having these references really helps you get any additional information to help you fully understand the topic at hand.
Another thing I really like is that they show tons of noncompliant code examples and compliant solutions. It really helps to have the examples along with the explanations.
In the beginning of the book the authors say "While primarily designed for building reliable and secure systems, these guidelines are also useful for achieving other quality attributes such as safety, dependability, robustness, availability, and maintainability." I must agree and say that they have really provided a treasure chest of wisdom in this book. Following the guidelines in this book will go a long way in helping you achieve the quality attributes listed above in your architecture.
All in all I highly recommend this book to all Java developers. It is a must read for you. I also recommend to developers of other languages that want to gain new insight into guidelines that they can apply in their language of choice.
5 of 5 people found the following review helpful.
Required reading for every Java programmer
By Ben Rothke
Last month, noted reporter Dan Goodin wrote in Security of Java takes a dangerous turn for the worse that people need to beware of increasingly advanced Java exploits. He noted that Java, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits.
While Java insecurity may seem inevitable, it does not have to be, thanks to a great new book out. Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs is a follow-up to The CERT Oracle Secure Coding Standard for Java.
It is hard to find a company today that does not have at least a few developers coding in Java. Many large enterprises have scores of Java developers. While Java has robust security controls, they are only as robust as they are correctly implemented.
The book has 75 guidelines in which to write secure Java code. Each guideline includes detailed requirements for compliance and examples of non-compliant code to avoid, which are included.
While some of the guidelines are obvious, such as not storing unencrypted sensitive information on the client side and storing passwords using a hash function, many of them are new to the uninitiated Java programmer, which is why this book is greatly needed.
This book should be in the hands of anyone that codes in Java. If a developer is not trained to write secure code, it's inevitable that their code will be insecure.
James Gosling, the creator of Java, writes in the foreword that Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs highlights the fact that information security is not a feature; rather it's an attitude toward taking due care at every point. Gosling found that the book is full of excellent guidance for dealing with those details. Take his word for it and get a copy.
2 of 3 people found the following review helpful.
4.5 stars for being clear and to the point
By Jeanne Boyarsky
This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named "Java Coding Guidelines - 75 Recommendations for Reliable and Secure Programs." I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.
Many of the rules are new including security ones such as XPath injection. The book itself is shorter, but I felt like they picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT specific parts are gone like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.
I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I read. Bold would have helped.
I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.
The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer "Java Coding Guidelines" to the first edition/CERT title. I wanted to give it 4.5 stars to reflect I rated it higher than the 4 stars I gave to the other.
---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.