Comments
By Liz McMillan
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Oct. 22, 2013 02:57 AM EDT
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..
Did you read today's front page stories & breaking news?
SYS-CON.TV: Cynergy Announcing RIA Development for Silverlight

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
MORE »
SYS-CON.TV
General Java
Book Review: The CERT Oracle Secure Coding Standard for Java
SEI Series in Software Engineering

By: Tad Anderson
Dec. 9, 2011 10:00 AM

I really like the CERT books. This one is no different, however, it is not one to read from cover to cover, at least not for me. It contains a catalog of rules for programming secure java code. What I have been doing is using it to look up rules about topics found in other resources that I have been using to learn the java environment.

Although the book contains a great index, there is an online version of this book which is really nice. It contains a really sweet search. I have been using that a lot to find the topics I am interested in, marking them in the book, and then reading about them in the book. The online version of the book contains all the code samples found in the book.

The is a nice introduction that you will want to completely read. It gives a really nice overview of java programming security issues and introduces the concepts that can make it safer. The concepts in this chapter introduce the chapters that contain the details rules.

After the introduction the book contains the following chapters. Input Validation and Data Sanitization, Declarations and Initialization, Expressions, Numeric Types and Operations, Object Orientation, Methods, Exceptional Behavior, Visibility and Atomicity, Locking, Thread APIs, Thread Pools, Thread-Safety Miscellaneous, Input Output, Serialization, Platform Security, Runtime Environment, and Miscellaneous.

There are a ton of nice code samples which show the commonly implemented noncompliant solutions and then the compliant solutions. I mentioned above they are all available online.

Although there is a free online version, I am not one to read e-books or anything on the computer I don't have to. I am on it way too much to want to read on it when I don't have to.

I find the author's writing style makes the book an easy read. It is also in a very nice format. Each chapter starts with a list of the rules it covers and a risk assessment summary. They then cover the rules and end with related guidelines and bibliography.

The thing I like most about the book is that although it makes it clear that it does not cover Design and Architecture, Content, Coding style, Tools, and Controversial Rules, I still believe all these areas will improve if you use the advice found in book.

All in all I highly recommend this book to every Java programmer.
The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering)

Published Dec. 9, 2011— Reads 10,854
Copyright © 2011 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
Related Stories
▪ LDRA Ships New TBsecure(TM) Complete with CERT C Secure Coding Programming Checker
▪ PRQA Announces Full Implementation of the MISRA C++:2008 Coding Standard
▪ Where Are the High-Level Design Open Source Tools for Java?
About Tad Anderson
Tad Anderson has been doing Software Architecture for 18 years and Enterprise Architecture for the past few.

SOA World Latest Stories
By Elizabeth White
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session...
By Liz McMillan
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn d...
By Pat Romanski
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interout...
By Liz McMillan
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep...
By Elizabeth White
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv intervie...
By Elizabeth White
"We do one of the best file systems in the world. We learned how to deal with Big Data many years ago and we implemented this knowledge into our software," explained Jakub Ratajczak, Business Development Manager at MooseFS, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8...
MORE »
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON Featured Whitepapers
Most Read This Week
By William Schmarzo
By Yeshim Deniz
By Elizabeth White
By Pat Romanski
By Elizabeth White
By Liz McMillan
By Carmen Gonzalez
By Yeshim Deniz
By Elizabeth White
By Liz McMillan
By Pat Romanski
By Yeshim Deniz
ADS BY GOOGLE