The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering) Paperback – September 18, 2011

ISBN-13: 978-0321803955 ISBN-10: 0321803957 Edition: 1st

Product Details

  • Series: SEI Series in Software Engineering
  • Paperback: 744 pages
  • Publisher: Addison-Wesley Professional; 1 edition (September 18, 2011)
  • Language: English
  • ISBN-10: 0321803957
  • ISBN-13: 978-0321803955
  • Product Dimensions: 7 x 1.5 x 9 inches
  • Shipping Weight: 2.4 pounds
  • Average Customer Review: 4.0 out of 5 stars (8 customer reviews)
  • Amazon Best Sellers Rank: #504,824 in Books

Editorial Reviews

About the Author

Fred Long is a senior lecturer and director of learning and teaching in the Department of Computer Science, Aberystwyth University in the United Kingdom. He lectures on formal methods; Java, C++, and C programming paradigms; and programming-related security issues. He is chairman of the British Computer Society's Mid-Wales Sub-Branch. Fred has been a Visiting Scientist at the Software Engineering Institute since 1992. Recently, his research has involved the investigation of vulnerabilities in Java.

Dhruv Mohindra is a senior software engineer at Persistent Systems Limited, India, where he develops monitoring software for widely used enterprise servers. He has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community.

Dhruv has also worked for Carnegie Mellon University, where he obtained his master of science degree in information security policy and management. He holds an undergraduate degree in computer engineering from Pune University, India, where he researched with Calsoft, Inc., during his academic pursuit.

A writing enthusiast, Dhruv occasionally contributes articles to technology magazines and online resources. He brings forth his experience and learning from developing and securing service oriented applications, server monitoring software, mobile device applications, web-based data miners, and designing user-friendly security interfaces.

Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.

Robert manages the Secure Coding Initiative at CERT, located in Carnegie Mellon’s Software Engineering Institute in Pittsburgh, Pennsylvania. CERT, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute.

Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert has a bachelor’s degree in computer science from Rensselaer Polytechnic Institute.

Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R&D group, was a key instigator of the design and deployment of a new software development process for Tartan, led R&D projects, and provided both technical and project leadership for the 12-person compiler back-end group.

David Svoboda is a software security engineer at CERT. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production use at Caterpillar. He has over 13 years of Java development experience, starting with Java 2, and his Java projects include Tomcat servlets and Eclipse plug-ins. David is also actively involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/SC22/WG21 group for C++.

Customer Reviews

4.0 out of 5 stars
Most Helpful Customer Reviews

7 of 7 people found the following review helpful By Ben Rothke on October 12, 2011
Format: Paperback
It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products.

Aside from the fact that unbreakable only refers to the enterprise kernel, Oracle still can have significant security flaws.

Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely.

With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits.

The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.

The book includes various rules and recommended practices for secure programming for Java SE6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0.

The book also covers the most common coding errors that lead to Java vulnerabilities and details how they can be avoided.

For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without.

The first 100 pages of the book are available here. After reading it, you will likely want to see the next 650 pages.
4 of 4 people found the following review helpful By T. Anderson on December 7, 2011
Format: Paperback
I really like the CERT books. This one is no different; however, it is not one to read from cover to cover, at least not for me. It contains a catalog of rules for programming secure Java code. What I have been doing is using it to look up rules about topics found in other resources that I have been using to learn the Java environment.

Although the book contains a great index, there is an online version of this book which is really nice. It contains a really sweet search. I have been using that a lot to find the topics I am interested in, marking them in the book, and then reading about them in the book. The online version of the book contains all the code samples found in the book.

There is a nice introduction that you will want to read completely. It gives a really nice overview of Java programming security issues and introduces the concepts that can make it safer. The concepts in this chapter introduce the chapters that contain the detailed rules.

After the introduction the book contains the following chapters. Input Validation and Data Sanitization, Declarations and Initialization, Expressions, Numeric Types and Operations, Object Orientation, Methods, Exceptional Behavior, Visibility and Atomicity, Locking, Thread APIs, Thread Pools, Thread-Safety Miscellaneous, Input Output, Serialization, Platform Security, Runtime Environment, and Miscellaneous.

There are a ton of nice code samples which show the commonly implemented noncompliant solutions and then the compliant solutions. I mentioned above they are all available online.

Although there is a free online version, I am not one to read e-books or anything on the computer I don't have to. I am on it way too much to want to read on it when I don't have to.
1 of 1 people found the following review helpful By JB on April 4, 2012
Format: Paperback Verified Purchase
"The CERT Oracle Secure Coding Standard for Java" is a thoroughly researched and authoritative guide to secure coding in Java. It specifically focuses on Java SE 6 and some of the features of Java SE 7, so don't look for coverage of security best practices for Java EE and certainly not for web application security issues that target aspects of HTTP, HTML, or JavaScript (e.g., Cross-Site Scripting, Cross-Site Request Forgery, etc.). The book actually goes beyond guidance for coding a secure application, providing insight into building a solid, high quality application. Indeed, in the Preface it notes that the goal of the rules is to help developers build "higher quality systems that are safe, secure, reliable, dependable, robust, resilient, available, and maintainable".

The coding standards are provided as a clearly documented set of rules, each one including some summary information about the rule, code examples of the rule not being followed as well as code that does follow the rule, enumerated exceptions where it's permissible to deviate from the rule, and lastly a risk assessment of the vulnerability that arises when you don't follow the rule. The list of rules is extensive, so the authors have helpfully grouped them into the following categories:

* Input Validation and Data Sanitization
* Declarations and Initialization
* Expressions
* Numeric Types and Operations
* Object Orientation
* Methods
* Exceptional Behavior (i.e.
2 of 3 people found the following review helpful By Jeanne Boyarsky on November 20, 2011
Format: Paperback
"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling string.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.

In any case, the practices are excellent. They are clearly documented in the form of:
attack/flaw
bad code example
good code example

I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.

I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.

The focus is on core Java (not JEE/web) and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall a worthwhile addition to the bookshelf.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
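The string.replace() point raised in the review above, shown as an added example (not code from the book or the reviewer): java.lang.String is immutable, so replace() returns a new String and leaves the receiver untouched. The method names and the sample input are constructed for this illustration.

```java
// Added example: ignoring the return value of String.replace().
// java.lang.String is immutable, so replace() never modifies the
// receiver; it returns a new String that holds the result.
public final class ReplaceReturnValue {

    // Noncompliant: the result of replace() is discarded, so the
    // apostrophe is never stripped and the input is returned unchanged.
    static String stripApostrophesNoncompliant(String input) {
        input.replace("'", "");   // return value ignored: no effect
        return input;
    }

    // Compliant: keep the new String that replace() returns.
    static String stripApostrophesCompliant(String input) {
        return input.replace("'", "");
    }

    public static void main(String[] args) {
        String sample = "O'Brien";   // constructed sample input
        String bad = stripApostrophesNoncompliant(sample);
        String good = stripApostrophesCompliant(sample);
        System.out.println("noncompliant result: " + bad
                + " (unchanged: " + bad.equals(sample) + ")");
        System.out.println("compliant result:    " + good
                + " (unchanged: " + good.equals(sample) + ")");
    }
}
```

Running the class shows the noncompliant method silently returning its input, which is the class of defect static analysis flags as an ignored return value.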