Guidelines
Security
This chapter contains guidelines that are concerned specifically with ensuring security of Java-based applications. They are concerned with issues such as:
- dealing Dealing with sensitive data;.
- avoiding Avoiding common injection attacks;.
- language Language features that can be misused to compromise security; and.
- details Details of Java's fine-grained security mechanism.
Content by Label | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Defensive Programming
This chapter contains guidelines for defensive programming. Defensive programming is carefully guarded programming that helps you to construct reliable software by designing each component so it protects to protect itself as much as possible, for example, by checking that undocumented assumptions remain valid [Goodliffe 2006]. These guidelines look at address areas of the Java language that can help to constrain the effect of an error or help to recover from an error.
Content by Label | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Best Practices
This chapter includes guidelines that are:
- Essential Are essential for ensuring correctness of Java code;.
- SpecificContain specific, implementation-level java Java coding advice;.
- Have a higher normative requirement than the defensive programming category.
...
Content by Label | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Program Understandability
Program understandability is the ease with which the program can be understood. That understood—that is, the ability to determine what a program does and how it works by reading its source code and accompanying documentation [Grubb 2013]. Another term used to describe this property of source code is readability. Understandable code is easier to maintain because software maintainers are less likely to introduce defects if the into code that is clear and comprehensible. Understandability helps in manual analysis of source code because it allows the auditor to more easily spot defects and vulnerabilities.
The guidelines in this chapter are mainly stylistic in nature, and ; they will help a Java programmer to write code that it clearer and , more readable code.
Content by Label | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Programmer Misconceptions
This chapter contains guidelines that address:
- Misconceptions about Java APIs and language features;.
- Assumptions and ambiguity-laced programs;.
- Situations in which the programmer wanted to do x but ended up doing y.
They deal with address areas where developers often make unwarranted assumptions about how Java works , or where ambiguities can easily be introduced.
...