The CERT Oracle Secure Coding Standard for Java

Tuesday, October 18, 2011

Ben Rothke



It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products. 

Aside from the fact that unbreakable only refers to the enterprise kernel; Oracle still can have significant security flaws. 

Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely.

With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits.

The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.

The book includes various rules and recommended practices for secure programming for Java SE6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0.

The book also covers the most common coding errors that lead to Java vulnerabilities and detail how they can be avoided.

For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without.

The first 100 pages of the book are available here.  After read it, you will be likely to want to see the next 650 pages.

Cross-posted from RSA

Possibly Related Articles:
Java Oracle Application Security Secure Coding CERT Guidelines Standards
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.