CERT Oracle Secure Coding Standard for Java, The (SEI Series in Software Engineering)

"The CERT Oracle Secure Coding Standard for Java" is a thoroughly researched and authoritative guide to secure coding in Java. It specifically focuses on Java SE 6 and some of the features of Java SE 7, so don't look for coverage of security best practices for Java EE and certainly not for web application security issues that target aspects of HTTP, HTML, or JavaScript (e.g., Cross-Site Scripting, Cross-Site Request Forgery, etc.). The book actually goes beyond guidance for coding a secure application, providing insight into building a solid, high quality application. Indeed, in the Preface it notes that the goal of the rules is to help developers build "higher quality systems that are safe, secure, reliable, dependable, robust, resilient, available, and maintainable".The coding standards are provided as a clearly documented set of rules, each one including some summary information about the rule, code examples of the rule not being followed as well as code that does follow the rule, enumerated exceptions where it's permissible to deviate from the rule, and lastly a risk assessment of the vulnerability that arises when you don't follow the rule. The list of rules is extensive, so the authors have helpfully grouped them into the following categories:* Input Validation and Data Sanitization* Declarations and Initialization* Expressions* Numeric Types and Operations* Object Orientation* Methods* Exceptional Behavior (i.e., proper usage and handling of exceptions)* Visibility and Atomicity* Locking* Thread APIs* Thread Pools* Thread-Safety Miscellaneous* Input Output* Serialization* Platform Security* Runtime Environment* MiscellaneousThis presentation format lends itself to a very organized and comprehensive treatment of the subject, but doesn't make it the type of book that you can easily read from cover to cover. It would be fair to say that it reads more like a reference book that's tremendously useful when you're interested in practical secure Java coding practices for a specific area rather than as a training guide. Before finding that specific topic of interest, however, it would be wise to read the excellent introductory chapter. The introduction provides overviews of each of the principle sources of vulnerabilities in Java applications: misplaced trust; injection attacks (including a very helpful explanation of the appropriate use and sequencing of validation, sanitization, canonicalization, and normalization); leaking sensitive data; leaking capabilities; denial of service; serialization; concurrency, visibility, and memory; security managers; and class loaders.It's also important to note that many of the rules focus on how to write mobile code that can be safely executed in untrusted systems or how to use untrusted mobile code on trusted systems. In these cases, the attacker is writing code that interacts with your code and takes advantage of vulnerabilities you have left by not following the prescribed rules. This attacker context is quite different from that of an external hacker trying to take advantage of flaws in a web site, for example.Although the book is probably best used as a reference guide in which you'll seek out a topic of interest rather than read from front to back, it's undeniably a highly valuable contribution to the topic of secure Java coding. As such, it's a useful addition to the bookshelves of Java architects, developers, and application security auditors.

Well-written book. Serves its purpose that my team is using it for. Every sprint they choose new security standards to address (and automate) and this book is a big help in that regard. Easy to dissect and find useful information.

Got chance to read this book over the weekend.Positive: Code snippets for each scenario.Most of the security issues are the ones we generally practice on day to day basis.This is good book to have for Thread related issues.

Nice reference material, but not very useful for the average developer. It has an small introductory chapter on secure coding practices and the remaining of the book is a list of common vulnerabilities and a short advise on how to avoid them, but it lacks details on how to identify and address them or on how the developers should change their programming practices to avoid introducing them in the first place. If you are looking for a book to help you code secure applications, you should look somewhere else.

It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products.Aside from the fact that unbreakable only refers to the enterprise kernel; Oracle still can have significant security flaws.Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely.With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits.The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.The book includes various rules and recommended practices for secure programming for Java SE6 and SE 7. Unfortunately, the book does not provide an on-line reference to version 1.0.The book also covers the most common coding errors that lead to Java vulnerabilities and detail how they can be avoided.For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without.The first 100 pages of the book are available here. After read it, you will be likely to want to see the next 650 pages.

"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example calling string.replace() and ignoring the result is incorrect. However it is a quality issue. I'm not convinced the relationship to security.In any case, the practices are excellent. They are clearly documented in the form of:attack/flawbad code examplegood code exampleI think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.The focus is on core Java (not JEE/web) and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall a worthwhile addition to the bookshelf.---Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.

A must read

Massive detail, a little dull but that's the nature of the subject :)