Preview - The CERT Oracle Secure Coding Standard for Java


Posted by Ben Rothke

It has been a decade since Oracle started its "unbreakable" campaign touting the security robustness of its products.

Aside from the fact that "unbreakable" refers only to the enterprise kernel, Oracle can still have significant security flaws.

Even though Java supports very strong security controls, including JAAS (Java Authentication and Authorization Service), it still requires significant effort to code Java securely.

With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with strong coding guidelines and practices to reduce coding vulnerabilities that can lead to Java and Oracle exploits.

The book is from CERT and, like other CERT books, provides both the depth and breadth necessary to gain mastery of the topic.

The book includes various rules and recommended practices for secure programming for Java SE 6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0.

The book also covers the most common coding errors that lead to Java vulnerabilities and details how they can be avoided.

For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without. 

The first 100 pages of the book are available here. After reading them, you will likely want to see the next 650 pages.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad
