Page History

\[Bloch 2007\] [Effective Java™ Reloaded: This Time It's (not) for Real|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2689.pdf], by Joshua Bloch. JavaOne Conference. (2007)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="908853cc6a660757-e4490c4b-4a0f4ad7-a05bb964-96568fa2eca35de24a4c0fb6"><ac:parameter ac:name="">Bloch 08</ac:parameter></ac:structured-macro>

\[Daconta 2003\] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)

\[UnicodeDavis 2008\] [Unicode Standard Annex #15, Unicode Normalization Forms|http://unicode.org/reports/tr15/], by Mark Davis and Martin Dürst. (2008)

\[UnicodeDavis 2008b\] [Unicode Technical Report #36, Unicode Security Considerations|http://www.unicode.org/reports/tr36/], by Mark Davis and Michel Suignard. (2008)

\[Dormann 2008\] [Signed Java Applet Security: Worse than ActiveX?|http://www.cert.org/blogs/vuls/2008/06/signed_java_security_worse_tha.html], by Will Dormann. CERT Vulnerability Analysis Blog. (2008)

\[Doshi 2003\] [Best Practices for Exception Handling|http://www.onjava.com/pub/a/onjava/2003/11/19/exceptions.html] by Gunjan Doshi. (2003)

\[Gong 2003\] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)

\[GreanierGrand 20002002\] [DiscoverPatterns thein secretsJava, Volume 1, Second Edition, by Mark Grand. Wiley. (2002)

\[Lieberman 1986\] [Using prototypical objects to implement shared behavior in object-oriented systems|http://portal.acm.org/citation.cfm?id=28718]. In: Conference proceedings on Object-oriented programming systems, languages and applications. Portland 1986, p. 214-223 ISSN 0362-1340, by Henry Lieberman, Massachusetts Institute of Technology. (1986) 

\[LongLo 2005\] [SoftwareSecurity VulnerabilitiesIssues in Garbage JavaCollection|http://www.stsc.seihill.cmuaf.edumil/publicationscrosstalk/documents2005/05.reports10/05tn0440510DanLo.html], by Fred Long, CMU/SEI-2005-TN-044. (2005)

\[LowLong 19972005\] [ProtectingSoftware JavaVulnerabilities Codein via ObfuscationJava|http://www.cssei.arizonacmu.edu/~collbergpublications/Researchdocuments/Students/DouglasLow/obfuscation05.reports/05tn044.html], by Fred Long, CMU/SEI-2005-TN-044. (2005)

\[OWASP 2008\] [OWASP|http://www.owasp.org/index.php/Main_Page]. (2008)

\[PatternsPermissions 20022008\] Patterns[Permissions in Java,the VolumeJava™ 1,SE Second6 Edition,Development by Mark Grand. Wiley. (2002)

\[Policy 2002\] [Default Policy Implementation and Policy File Syntax|http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html], Document revision 1.6, Sun Microsystems, Inc. (2002)

\[Pugh 20082004\] [DefectiveThe Java Code:Memory TurningModel WTF Code into a Learning Experience(discussions reference)|http://developerswww.cs.sunumd.comedu/learning~pugh/javaoneonlinejava/2008/pdf/TS-6589.pdf?cid=925745],memoryModel/] by William Pugh, Univ. of Maryland. JavaOne Conference. (20082004)

\[Pugh 20042008\] [TheDefective Java Memory Model (discussions reference) Code: Turning WTF Code into a Learning Experience|http://wwwdevelopers.cs.umd.edu/~pugh/java/memoryModel/]sun.com/learning/javaoneonline/2008/pdf/TS-6589.pdf?cid=925745], by William Pugh, Univ. of Maryland. JavaOne Conference. (20042008)

\[Pugh 2009\] [Defective Java Code: Mistakes That Matter|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-5335.pdf], by William Pugh, Univ. of Maryland. JavaOne Conference. (2009)

\[Roubtsov 2003b\] [Into the mist of serialization myths|http://www.javaworld.com/javaworld/javaqa/2003-06/02-qa-0627-mythser.html?page=1], by Vladimir Roubtsov, JavaWorld.com.  (2003)

\[SchneierSCG 20002007\] SecretsSecure andCoding Lies—DigitalGuidelines Securityfor inthe aJava NetworkedProgramming World Language, byversion Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons2.0, Sun Microsystems, Inc. (20002007)

\[SCG 2007\] Secure Coding Guidelines for the Java Programming Language, version 2.0, Sun Microsystems, Inc. (2007)

\[Schildt 2007\] Herb Schildt's Java Programming Cookbook, Herb Schildt, McGraw-Hill (2007)

\[SchwarzSchneier 20042000\] [AvoidingSecrets Checked Exceptions|http://www.oreillynet.com/onjava/blog/2004/09/avoiding_checked_exceptions.html], by Don Schwarz, ONJava (2004and Lies—Digital Security in a Networked World , by Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons. (2000)

\[Schoenefeld 2004\] Java Vulnerabilities in Opera 7.54  BUGTRAQ Mailing List (bugtraq@securityfocus.com), Nov 2004. (2004)

\[Schweisguth 2003\] [Java Tip 134: When catching exceptions, don't cast your net too wide|http://www.javaworld.com/javaworld/javatips/jw-javatip134.html?page=2], by  Dave Schweisguth. Javaworld.com. (2003)

\[SeacordSDN 20052008\] [SUN Developer Network|http://developers.sun.com/], Sun Microsystems, Inc. (1994-2008)

\[SecuritySpec 2008\] [http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html], Sun Microsystems, Inc. (2008)

\[SteelSen 20052007\] Core[Avoid Securitythe Patterns:dangers Bestof XPath injection|http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html], by Robi Sen, IBM developerWorks. (2007)

\[SterbenzSteinberg 20062005\] [Secure Coding Antipatterns: Avoiding VulnerabilitiesJava Developer Connection Tech Tips "Using the Varargs Language Feature"|http://gceclubjava.sun.com.cn/java_one_online/2006/TS-1238/TS-1238.pdf/developer/JDCTechTips/2005/tt0104.html], byDaniel AndreasH. Steinberg, January 4, 2005. (2005)

\[Steuck 2002\] [XXE (Xml eXternal Entity) attack|http://www.securityfocus.com/archive/1/297714], by Gregory Steuck (www.securityfocus.com). (2002)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0da60c87-1772-472b-a321-c6a0b01211a8"><ac:parameter ac:name="">SDN 08</ac:parameter></ac:structured-macro>

\[Sun 2003\] [Sun ONE Application Server 7 Performance Tuning Guide|http://docs.sun.com/source/817-2180-10/], Sun Microsystems, Inc. (2003)