Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering) Paperback – September 9, 2013

ISBN-13: 978-0321933157 ISBN-10: 032193315X Edition: 1st

Product Details

  • Series: SEI Series in Software Engineering
  • Paperback: 304 pages
  • Publisher: Addison-Wesley Professional; 1 edition (September 9, 2013)
  • Language: English
  • ISBN-10: 032193315X
  • ISBN-13: 978-0321933157
  • Product Dimensions: 7.1 x 0.7 x 9.1 inches
  • Shipping Weight: 1 pounds (View shipping rates and policies)
  • Average Customer Review: 4.6 out of 5 stars  See all reviews (9 customer reviews)
  • Amazon Best Sellers Rank: #587,776 in Books (See Top 100 in Books)

Editorial Reviews

Review

"This set of Java™ Coding Guidelines, a follow-on to the earlier The CERT® Oracle Secure Coding Standard for Java™, is invaluable. This book could almost be retitled Reliable Java™ Coding Guidelines. One of the things that has struck me over the years is the interplay between reliability and security. There are all sorts of explicit security tools—cryptography, authentication, and others—but most break-ins are exploitations of bugs: coding that was badly done or that was insufficiently defensive. Building a reliable system is, in many ways, equivalent to building a secure system. The work you do in reliability pays off in security, and vice versa.

"This book highlights the fact that security is not a feature; it is an attitude toward taking due care at every point. It should be a continuous part of every software engineer’s design thought process. It is organized around a list of guidelines. The meat of the book is the subtlety behind them. For example, “Store passwords using a hash function” appears to be a very basic and obvious point, and yet there are regular news articles about major data breaches just because some software engineer wasn’t thinking. Getting it right is tricky: there are a lot of details for the devil to hide in. This book is full of excellent guidance for dealing with those details."
—James A. Gosling

About the Author

Fred Long is a senior lecturer in the Department of Computer Science, Aberystwyth University, in the United Kingdom. He is chairman of the British Computer Society’s Mid-Wales Branch. Fred has been a visiting scientist at the Software Engineering Institute (SEI) since 1992. Recently, his research has involved the investigation of vulnerabilities in Java. Fred is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).


Dhruv Mohindra is a technical lead in the security practices group that is part of the CTO’s office at Persistent Systems Limited, India, where he provides information security consulting solutions across various technology verticals such as cloud, collaboration, banking and finance, telecommunications, enterprise, mobility, life sciences, and health care. Dhruv has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).


Robert C. Seacord is the Secure Coding Initiative technical manager in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the School of Computer and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008), and is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012), and Secure Coding in C and C++ (Addison-Wesley, 2013).


Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. Dean is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).


David Svoboda is a software security engineer at CERT/SEI. He also maintains the CERT Secure Coding standard websites for Java, as well as C, C++, and Perl. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). David is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).



Most Helpful Customer Reviews

4 of 4 people found the following review helpful By Ben Rothke on October 8, 2013
Format: Paperback
Last month, noted reporter Dan Goodin wrote in "Security of Java takes a dangerous turn for the worse" that people need to beware of increasingly advanced Java exploits. He noted that Java, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits.

While Java insecurity may seem inevitable, it does not have to be, thanks to a great new book out. Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs is a follow-up to The CERT Oracle Secure Coding Standard for Java.

It is hard to find a company today that does not have at least a few developers coding in Java. Many large enterprises have scores of Java developers. While Java has robust security controls, they are only as robust as they are correctly implemented.
The book has 75 guidelines for writing secure Java code. Each guideline includes detailed requirements for compliance and examples of non-compliant code to avoid.

While some of the guidelines are obvious, such as not storing unencrypted sensitive information on the client side and storing passwords using a hash function, many of them are new to the uninitiated Java programmer, which is why this book is greatly needed.

This book should be in the hands of anyone that codes in Java. If a developer is not trained to write secure code, it's inevitable that their code will be insecure.

James Gosling, the creator of Java, writes in the foreword that Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs highlights the fact that information security is not a feature; rather, it's an attitude toward taking due care at every point. Gosling found that the book is full of excellent guidance for dealing with those details. Take his word for it and get a copy.
Format: Paperback
Although this book is written for the Java programmer, I would recommend reading it to any .NET or iOS developer as well. It is a must read for the Java developer, but is also a valuable read for developers of other languages because the guidelines are often built around a programmer's intent.

No matter what language you use most, many of the intentions that are targeted by the guidelines are the same. Do I wish there was a C# and Objective-C version of this book? Heck Yeah!!! But one of the things that helped me get to a deeper understanding of the guidelines was thinking about where and how they apply to C# and Objective-C. There is Secure Coding in C and C++ (Second Edition) and The CERT C Secure Coding Standard, which are both great too.

The guidelines are broken down by chapter. The book also has an appendix that lists all 75 guidelines and whether or not the guideline is applicable to Android development. I have listed the chapters below. I have also included an overview of what the guidelines in the chapters are targeting as described in the introduction to the chapters.

Chapter 1. Security
1. Dealing with sensitive data
2. Avoiding common injection attacks
3. Language features that can be misused to compromise security
4. Details of Java's fine-grained security mechanism

Chapter 2. Defensive Programming
The guidelines in this chapter address areas of the Java language that can help to constrain the effect of an error or help to recover from an error. A good overall principle for defensive programming is simplicity. If a construct turns out to be complicated to implement, consider redesigning or refactoring it to reduce the complexity.

Chapter 3. Reliability
1.
2 of 3 people found the following review helpful By Jeanne Boyarsky on October 20, 2013
Format: Paperback
This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named "Java Coding Guidelines - 75 Recommendations for Reliable and Secure Programs." I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.

Many of the rules are new, including security ones such as XPath injection. The book itself is shorter, but I felt like they picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT-specific parts are gone, like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.

I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I read. Bold would have helped.

I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.

The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer "Java Coding Guidelines" to the first edition/CERT title. I wanted to give it 4.5 stars to reflect I rated it higher than the 4 stars I gave to the other.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.