
The CERT Oracle Secure Coding Standard for Java (SEI Series in Software Engineering) 1st Edition

4.0 out of 5 stars 8 customer reviews
ISBN-13: 978-0321803955
ISBN-10: 0321803957
Editorial Reviews

About the Author

Fred Long is a senior lecturer and director of learning and teaching in the Department of Computer Science, Aberystwyth University in the United Kingdom. He lectures on formal methods; Java, C++, and C programming paradigms; and programming-related security issues. He is chairman of the British Computer Society’s Mid-Wales Sub-Branch. Fred has been a Visiting Scientist at the Software Engineering Institute since 1992. Recently, his research has involved the investigation of vulnerabilities in Java.

Dhruv Mohindra is a senior software engineer at Persistent Systems Limited, India, where he develops monitoring software for widely used enterprise servers. He has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community.


Dhruv has also worked for Carnegie Mellon University, where he obtained his master of science degree in information security policy and management. He holds an undergraduate degree in computer engineering from Pune University, India, where he researched with Calsoft, Inc., during his academic pursuit.


A writing enthusiast, Dhruv occasionally contributes articles to technology magazines and online resources. He brings forth his experience and learning from developing and securing service-oriented applications, server monitoring software, mobile device applications, web-based data miners, and designing user-friendly security interfaces.

Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.


Robert manages the Secure Coding Initiative at CERT, located in Carnegie Mellon’s Software Engineering Institute in Pittsburgh, Pennsylvania. CERT, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute.


Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert has a bachelor’s degree in computer science from Rensselaer Polytechnic Institute.


Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R&D group, was a key instigator of the design and deployment of a new software development process for Tartan, led R&D projects, and provided both technical and project leadership for the 12-person compiler back-end group.


David Svoboda is a software security engineer at CERT. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production use at Caterpillar. He has over 13 years of Java development experience, starting with Java 2, and his Java projects include Tomcat servlets and Eclipse plug-ins. David is also actively involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/SC22/WG21 group for C++.

Product Details

  • Series: SEI Series in Software Engineering
  • Paperback: 744 pages
  • Publisher: Addison-Wesley Professional; 1 edition (September 18, 2011)
  • Language: English
  • ISBN-10: 0321803957
  • ISBN-13: 978-0321803955
  • Product Dimensions: 7 x 1.6 x 9 inches
  • Shipping Weight: 2.4 pounds
  • Average Customer Review: 4.0 out of 5 stars (8 customer reviews)
  • Amazon Best Sellers Rank: #140,639 in Books

Customer Reviews

Top Customer Reviews

Format: Paperback
It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products.

Aside from the fact that unbreakable only refers to the enterprise kernel, Oracle still can have significant security flaws.

Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely.

With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits.

The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.

The book includes various rules and recommended practices for secure programming for Java SE 6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0.

The book also covers the most common coding errors that lead to Java vulnerabilities and detail how they can be avoided.

For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without.

The first 100 pages of the book are available here. After reading it, you will be likely to want to see the next 650 pages.
Format: Paperback
I really like the CERT books. This one is no different; however, it is not one to read from cover to cover, at least not for me. It contains a catalog of rules for programming secure Java code. What I have been doing is using it to look up rules about topics found in other resources that I have been using to learn the Java environment.

Although the book contains a great index, there is an online version of this book which is really nice. It contains a really sweet search. I have been using that a lot to find the topics I am interested in, marking them in the book, and then reading about them in the book. The online version of the book contains all the code samples found in the book.

There is a nice introduction that you will want to completely read. It gives a really nice overview of Java programming security issues and introduces the concepts that can make it safer. The concepts in this chapter introduce the chapters that contain the detailed rules.

After the introduction the book contains the following chapters. Input Validation and Data Sanitization, Declarations and Initialization, Expressions, Numeric Types and Operations, Object Orientation, Methods, Exceptional Behavior, Visibility and Atomicity, Locking, Thread APIs, Thread Pools, Thread-Safety Miscellaneous, Input Output, Serialization, Platform Security, Runtime Environment, and Miscellaneous.

There are a ton of nice code samples which show the commonly implemented noncompliant solutions and then the compliant solutions. I mentioned above they are all available online.

Although there is a free online version, I am not one to read e-books or anything on the computer I don't have to. I am on it way too much to want to read on it when I don't have to.
Format: Paperback Verified Purchase
"The CERT Oracle Secure Coding Standard for Java" is a thoroughly researched and authoritative guide to secure coding in Java. It specifically focuses on Java SE 6 and some of the features of Java SE 7, so don't look for coverage of security best practices for Java EE and certainly not for web application security issues that target aspects of HTTP, HTML, or JavaScript (e.g., Cross-Site Scripting, Cross-Site Request Forgery, etc.). The book actually goes beyond guidance for coding a secure application, providing insight into building a solid, high quality application. Indeed, in the Preface it notes that the goal of the rules is to help developers build "higher quality systems that are safe, secure, reliable, dependable, robust, resilient, available, and maintainable".

The coding standards are provided as a clearly documented set of rules, each one including some summary information about the rule, code examples of the rule not being followed as well as code that does follow the rule, enumerated exceptions where it's permissible to deviate from the rule, and lastly a risk assessment of the vulnerability that arises when you don't follow the rule. The list of rules is extensive, so the authors have helpfully grouped them into the following categories:

* Input Validation and Data Sanitization
* Declarations and Initialization
* Expressions
* Numeric Types and Operations
* Object Orientation
* Methods
* Exceptional Behavior (i.e.
Format: Paperback
"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling string.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.

In any case, the practices are excellent. They are clearly documented in the form of:
attack/flaw
bad code example
good code example

I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.

I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.

The focus is on core Java (not JEE/web) and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall a worthwhile addition to the bookshelf.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.