It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products.
Aside from the fact that "unbreakable" refers only to the enterprise kernel, Oracle can still have significant security flaws.
Even though Java supports very strong security controls, including JAAS (Java Authentication and Authorization Service), it still requires a significant effort to code Java securely.
With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that gives the reader strong coding guidelines and practices to reduce the coding vulnerabilities that can lead to Java and Oracle exploits.
The book is from CERT and, like other CERT books, provides both the depth and breadth necessary to gain mastery of the topic.
The book includes various rules and recommended practices for secure programming for Java SE 6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0.
The book also covers the most common coding errors that lead to Java vulnerabilities and details how they can be avoided.
For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without.
The first 100 pages of the book are available here. After reading them, you will likely want to see the next 650 pages.