SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 300

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 301

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Anchor
Seacord 13
Seacord 13

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Boston: Addison-Wesley (2013). See http://www.cert.org/books/secure-coding for news and errata.

Anchor
SecArch 06SecArch 06
[SecArch 2006] Java 2 Platform Security Architecture. Oracle (2006). AnchorSecurity 06Security 06 [Security 2006] Java Security Guides. Oracle (2006).
Anchor
SecuritySpec 08
SecuritySpec 08

[SecuritySpec 2008] Java Security Architecture. Oracle (2008/2010).

...

Anchor
Sethi 09
Sethi 09

[Sethi 2009] Sethi, Amit. Proper Use of Java's SecureRandom. Cigital Justice League Blog (2009).

Anchor
Steel Steinberg 05Steel
Steinberg 05

[Steel Steinberg 2005] Steel, Christopher, Ramesh Nagappan, and Ray Lai. Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management. Upper Saddle River, NJ: Prentice Hall PTR (2005Steinberg, Daniel H. Java Developer Connection Tech Tips: Using the Varargs Language Feature. (2005, January 4).

Anchor
Sterbenz 06
Sterbenz 06Steele 1977Steele 1977

[Steele 1977] Steele, Guy Lewis. Arithmetic Shifting Considered Harmful. SIGPLAN Notices 12(11):61–69 (1977)Sterbenz 2006] Sterbenz, Andreas, and Charlie Lai. Secure Coding Antipatterns: Avoiding Vulnerabilities. JavaOne Conference (2006).

Anchor
Sun 06
Sun 06Steinberg 05Steinberg 05

[Steinberg 2005] Steinberg, Daniel H. Java Developer Connection Tech Tips: Using the Varargs Language Feature. (2005, January 4)Sun 2006] Java™ Platform, Standard Edition 6 Documentation. Oracle (2006).

Anchor
Sutherland 10
Sutherland 10Sterbenz 06Sterbenz 06

[Sterbenz 2006Sutherland 2010] SterbenzSutherland, AndreasDean F., and Charlie Lai. Secure Coding Antipatterns: Avoiding Vulnerabilities. JavaOne Conference (2006). AnchorSteuck 02Steuck 02 [Steuck 2002] Steuck, Gregory. XXE (Xml eXternal Entity) Attack. SecurityFocus (2002). AnchorSun 04Sun 04 [Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated? Oracle (1999). AnchorSun 03Sun 03 [Sun 2003] Sun ONE Application Server 7 Performance Tuning Guide. Oracle (2003). AnchorSun 06Sun 06 [Sun 2006] Java™ Platform, Standard Edition 6 Documentation. Oracle (2006). AnchorSun 08Sun 08 [Sun 2008] Java™ Plug-in and Applet Architecture. Oracle (2008). AnchorSutherland 10Sutherland 10 [Sutherland 2010] Sutherland, Dean F., and William L. Scherlis. Composable Thread Coloring. In Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. New York: ACM (2010).William L. Scherlis. Composable Thread Coloring. In Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. New York: ACM (2010).

Anchor
Tools 11
Tools 11

[Tools 2011] JDK Tools and Utilities Specification. Oracle (2011).

Anchor
Tutorials 08
Tutorials 08

[Tutorials 2008] The Java Tutorials. Oracle (2008).

Anchor
Unicode 09
Unicode 09

[Unicode 2009] The Unicode Consortium. The Unicode Standard, Version 5.2.0, defined by The Unicode Standard, Version 5.2. Mountain View, CA: The Unicode Consortium (2009).

Anchor
Unicode 13
Unicode 13

[Unicode 2013] The Unicode Consortium. The Unicode Standard, Version 6.2.0, defined by Unicode 6.2.0. Mountain View, CA: The Unicode Consortium (2013).

Anchor
Viega 05
Viega 05

[Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software, 2005.

Anchor
W3C 03
W3C 03

[W3C 2003] The World Wide Web Security FAQ. World Wide Web Consortium (W3C) (2003).

Anchor
Ware 08
Ware 08

[Ware 2008] Ware, Michael S. Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools (thesis). James Madison University (2008 Anchor Tanenbaum 03 Tanenbaum 03 [Tanenbaum 2003] Tanenbaum, Andrew S., and Maarten Van Steen. Distributed Systems: Principles and Paradigms, 2nd. ed. Upper Saddle River, NJ: Prentice Hall. AnchorTechtalk 07Techtalk 07 [Techtalk 2007] Bloch, Josh, and William Pugh. The Phantom-Reference Menace, Attack of the Clone, Revenge of the Shift. JavaOne Conference (2007). AnchorTomcat 09Tomcat 09 [Tomcat 2009] Tomcat Documentation: Changelog and Security Fixes. Apache Software Foundation (2009). AnchorTools 11Tools 11 [Tools 2011] JDK Tools and Utilities Specification. Oracle (2011). AnchorTutorials 08Tutorials 08 [Tutorials 2008] The Java Tutorials. Oracle (2008). AnchorUnicode 09Unicode 09 [Unicode 2009] The Unicode Consortium. The Unicode Standard, Version 5.2.0, defined by The Unicode Standard, Version 5.2. Mountain View, CA: The Unicode Consortium (2009). AnchorUnicode 13Unicode 13 [Unicode 2013] The Unicode Consortium. The Unicode Standard, Version 6.2.0, defined by Unicode 6.2.0. Mountain View, CA: The Unicode Consortium (2013). AnchorVenners 97Venners 97 [Venners 1997] Venners, Bill. Security and the Class Loader Architecture. Java World.com (1997). AnchorVenners 03Venners 03 [Venners 2003] Venners, Bill. Failure and Exceptions: A Conversation with James Gosling, Part II. (2003). AnchorViega 05Viega 05 [Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software, 2005. AnchorW3C 03W3C 03 [W3C 2003] The World Wide Web Security FAQ. World Wide Web Consortium (W3C) (2003). AnchorW3C 08W3C 08 [W3C 2008] Bray, Tim, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François Yergeau. Extensible Markup Language (XML) 1.0, 5th ed. W3C Recommendation (2008). AnchorWare 08Ware 08 [Ware 2008] Ware, Michael S. Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools (thesis). James Madison University (2008). AnchorWeber 09Weber 09 [Weber 2009] Weber, Chris. Exploiting Unicode-Enabled Software. CanSecWest (2009). AnchorWheeler 03Wheeler 03 [Wheeler 2003] Wheeler, David A. Secure Programming for Linux and UNIX HOWTO (2003).

Anchor
White 03
White 03

[White 2003] White, Tom. Memoization in Java Using Dynamic Proxy Classes. O'Reilly onJava.com (August 20, 2003).

Anchor
Zadegan 09
Zadegan 09

[Zadegan 2009] Zadegan, Bryant. A Lesson on Infinite Loops (2009). AnchorZukowski 04Zukowski 04 [Zukowski 2004] Zukowski, John. Java Developer Connection Tech Tips: Creating Custom Security Permissions (2004).