SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 21

changes.mady.by.user Fred Long

Saved on

compared with

New Version Current

changes.mady.by.user Matthew Churilla

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add ASVS NIST800-63

Anchor
Apache 13
Apache 13
Anchor
Apache 14
Apache 14

[Apache 2014] Apache Tika: A Content Analysis Toolkit. The Apache Software Foundation (2014).

Anchor
API 06
API 06

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle (2006).

Anchor
API 11
API 11
Anchor
API 13
API 13

[API 2011] Java Platform, Standard Edition 7 API Specification, Oracle (2011).

Anchor
API 14
API 14

[API 2014] Java Platform, Standard Edition 8 API Specification, Oracle (2014).

Anchor
Arnold 06
Arnold 06

[Arnold 2006] Ken Arnold, James Gosling, and David Holmes. The Java Programming Language, 4th ed., Boston: Addison-Wesley (2006).

Anchor
ASVS
ASVS

[ASVS 2019] OWASP Application Security Verification Standard Project (2019).

Anchor
Black 04
Black 04

[Black 2004] Black, Paul E., and Paul J. Tanenbaum. "Partial order." In Dictionary of Algorithms and Data Structures [online]. Paul E. Black, ed., U.S. National Institute of Standards and Technology (2004).

Anchor
Bloch 01
Bloch 01

[Bloch 2001] Bloch, Joshua. Effective Java: Programming Language Guide. Boston: Addison-Wesley (2001).

Anchor
Bloch 05
Bloch 05

[Bloch 2005] Bloch, Joshua, and Neal Gafter. Java Puzzlers: Traps, Pitfalls, and Corner Cases. Upper Saddle River, NJ: Addison-Wesley (2005).

Anchor
Bloch 08
Bloch 08

[Bloch 2008] Bloch, Joshua. Effective Java, 2nd ed. Upper Saddle River, NJ: Addison-Wesley (2008).

Anchor
Campione 96
Campione 96

[Campione 1996] Campione, Mary, and Kathy Walrath. The Java Tutorial: Object-Oriented Programming for the Internet. Reading, MA: Addison-Wesley (1996).

Anchor
Chan 99
Chan 99

[Chan 1999] Chan, Patrick, Rosanna Lee, and Douglas Kramer. The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, 2nd ed., vol. 1. Upper Saddle River, NJ: Prentice Hall (1999).

Anchor
Cohen 81
Cohen 81

[Cohen 1981] Cohen, D. On Holy Wars and a Plea for Peace, IEEE Computer, 14(10):48–54 (1981).

Anchor
Conventions 09
Conventions 09

[Conventions 2009] Code Conventions for the Java Programming Language. Oracle (2009).

Anchor
Coomes 07
Coomes 07

[Coomes 2007] Coomes, John, Peter Kessler, and Tony Printezis. Garbage Collection-Friendly Programming. Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference (2007).

Anchor
Core Java 04
Core Java 04

[Core Java 2004] Horstmann, Cay S., and Gary Cornell. Core Java™ 2, Vol. I: Fundamentals, 7th ed. Upper Saddle River, NJ: Prentice Hall PTR (2004).

Anchor
Coverity 07
Coverity 07

[Coverity 2007] Coverity Prevent User's Manual (3.3.0). Coverity (2007).

Anchor
Daconta 03
Daconta 03

[Daconta 2003] Daconta, Michael C., Kevin T. Smith, Donald Avondolio, and W. Clay Richardson. More Java Pitfalls: 50 New Time-Saving Solutions and Workarounds. Indianapolis, IN: Wiley (2003).

Anchor
Davis 08
Davis 08

[Davis 2008] Davis, Mark, and Ken Whistler (Ed.). Unicode Standard Annex #15: Unicode Normalization Forms (2008).

Anchor
Dennis 1966
Dennis 1966

[Dennis 1966] Dennis, Jack B., and Earl C. Van Horn. 1966. Programming Semantics for Multiprogrammed Computations. Communications of the ACM, 9(3):143–155 (1966). doi: 10.1145/365230.365252.

Anchor
Dougherty 2009
Dougherty 2009

[Dougherty 2009] Dougherty, Chad, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi. Secure Design Patterns. CMU/SEI-2009-TR-010 (2009).

Anchor
ESA 05
ESA 05

[ESA 2005] ESA (European Space Agency). Java Coding Standards. Prepared by ESA Board for Software Standardisation and Control (BSSC) (2005).

Anchor
FindBugs 08
FindBugs 08

[FindBugs 2008] FindBugs Bug Descriptions (2008/2011).

Anchor
Flanagan 05
Flanagan 05

[Flanagan 2005] Flanagan, David. Java in a Nutshell, 5th ed. Sebastopol, CA: O'Reilly Media (2005).

Anchor
Fortify 08
Fortify 08
Anchor
Fortify 14
Fortify 14

[Fortify 2014] Fortify Software Security Research Group with Gary McGraw. A Taxonomy of Coding Errors That Affect Security (see Java/JSP) (2008/2014).

Anchor
GNU 13
GNU 13

[GNU 2013] GNU Coding Standards, §5.3, "Clean Use of C Constructs." Richard Stallman and other GNU Project volunteers (2013).

Anchor
Goetz 04
Goetz 04

[Goetz 2004] Goetz, Brian. Java Theory and Practice: Garbage Collection and Performance: Hints, Tips, and Myths about Writing Garbage Collection-Friendly Classes. IBM developerWorks (2004).

Anchor
Goetz 06
Goetz 06

[Goetz 2006] Goetz, Brian, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea. Java Concurrency in Practice. Boston: Addison-Wesley Professional (2006).

Anchor
Goetz 07
Goetz 07

[Goetz 2007] Goetz, Brian. Java Theory and Practice: Managing Volatility: Guidelines for Using Volatile Variables. IBM developerWorks (2007).

Anchor
Gong 03
Gong 03

[Gong 2003] Gong, Li, Gary Ellison, and Mary Dageforde. Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed. Boston: Addison-Wesley (2003).

Anchor
Goodliffe 06
Goodliffe 06
Anchor
Goodliffe 07
Goodliffe 07

[Goodliffe 2007] Pete Goodliffe. Code Craft: The Practice of Writing Excellent Code. San Francisco: No Starch Press (2007).

Anchor
Grand 02
Grand 02

[Grand 2002] Grand, Mark. Patterns in Java, Vol. 1: A Catalog of Reusable Design Patterns Illustrated with UML, 2nd ed. Indianapolis, IN: Wiley (2002).

Anchor
Grubb 03
Grubb 03

[Grubb 2003] Penny Grubb, and Armstrong A. Takang. Software Maintenance Concepts and Practice, 2nd ed.  River Edge, NJ: World Scientific (2003).       

Anchor
Guillardoy 12
Guillardoy 12

[Guillardoy 2012] Guillardoy, Esteban. Java 0-day Analysis (CVE-2012-4681) (2012).

Anchor
Hatton 95
Hatton 95

[Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill (1995).

Anchor
Havelund 10
Havelund 10
Anchor
Havelund 09
Havelund 09

[Havelund 2009]  Havelund, Klaus, and Al Niessner.  JPL Coding Standard, Version 1.1 (2009)  

Anchor
Hawtin 06
Hawtin 06

[Hawtin 2006] Hawtin, Thomas. [drlvm][kernel_classes] ThreadLocal Vulnerability. MarkMail (2006).

Anchor
Hirondelle 13
Hirondelle 13

[Hirondelle 2013] Hirondelle Systems. Passwords Never Clear in Text (2013).

Anchor
ISO/IEC 01
ISO/IEC 01

[ISO/IEC 9126-1:2001] Software Engineering—Product Quality—Part 1, Quality Model (ISO/IEC 9126-1:2001). Geneva, Switzerland: International Organization for Standardization (2001).

Anchor
ISO/IEC 10
ISO/IEC 10

[ISO/IEC 24765:2010] Systems and Software Engineering—Vocabulary (ISO/IEC 24765:2010). Geneva, Switzerland: International Organization for Standardization (2010).

Anchor
JLS 13
JLS 13

[JLS 2013] Gosling, James, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley. Java Language Specification: Java SE 7 Edition. Oracle America (2013).

Anchor
Jovanovic 06
Jovanovic 06

[Jovanovic 2006] Jovanovic, Nenad, Christopher Kruegel, and Engin Kirda. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp. 258–263, May 21–24, Oakland, CA (2006).

Anchor
JPL 06
JPL 06

[JPL 2006] Arnold, Ken, James Gosling, and David Holmes. The Java™ Programming Language, 4th ed. Reading, MA: Addison-Wesley Professional (2006).

Anchor
JVMSpec 99
JVMSpec 99

[JVMSpec 1999] The Java Virtual Machine Specification. Sun Microsystems (1999).

Anchor
JVMSpec 13
JVMSpec 13

[JVMSpec 2013] The Java Virtual Machine Specification: Java SE 7 Edition. Oracle America (2013).

Anchor
Kabanov 09
Kabanov 09

[Kabanov 2009] Kabanov, Jevgeni. The Ultimate Java Puzzler (2009).

Anchor
Kalinovsky 04
Kalinovsky 04

[Kalinovsky 2004] Kalinovsky, Alex. Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering. Indianapolis: SAMS (2004).

Anchor
Knoernschild 02
Knoernschild 02

[Knoernschild 2002] Knoernschild, Kirk. Java™ Design: Objects, UML, and Process. Boston: Addison-Wesley Professional (2002).

Anchor
Lea 00
Lea 00

[Lea 2000] Lea, Doug. Concurrent Programming in Java: Design Principles and Patterns, 2nd ed. Boston: Addison-Wesley (2000).

Anchor
Lo 05
Lo 05

[Lo 2005] Lo, Chia-Tien Dan, Witawas Srisa-an, and J. Morris Chang. Security Issues in Garbage Collection. STSC Crosstalk, (2005, October).

Anchor
Long 11
Long 11
Anchor
Long 12
Long 12

[Long 2012] Long, Fred, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, and David Svoboda. The CERT Oracle Secure Coding Standard for Java, SEI Series in Software Engineering. Boston: Addison-Wesley (2012).

Anchor
Manion 13
Manion 13

[Manion 2013] Manion, Art. Anatomy of Java Exploits, CERT/CC Blog (January 15, 2013).

Anchor
Martin 96
Martin 96

[Martin 1996] Martin, Robert C. Granularity. The C++ Report 8(10):57–62 (1996).

Anchor
McGraw 99
McGraw 99

[McGraw 1999] McGraw, Gary, and Edward W. Felten. Securing Java: Getting Down to Business with Mobile Code, 2nd ed. New York: Wiley (1999).

Anchor
Mettler 10
Mettler 10

[Mettler 2010] Adrian Mettler and David Wagner, Class Properties for Security Review in an Object-Capability Subset of Java, Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10). ACM, Article 7, DOI: 10.1145/1814217.1814224, 2010.

Anchor
Miller 09
Miller 09

[Miller 2009] Miller, Alex. Java™ Platform Concurrency Gotchas. JavaOne Conference (2009).

Anchor
Netzer 92
Netzer 92

[Netzer 1992] Netzer, Robert H. B., and Barton P. Miller. What Are Race Conditions? Some Issues and Formalization. ACM Letters on Programming Languages and Systems 1(1):74–88 (1992).

Anchor
NIST 800-63
NIST 800-63

[NIST 2017] NIST Special Publication 800-63 (2017).

Anchor
Oaks 01
Oaks 01

[Oaks 2001] Oaks, Scott. Java Security. Sebastopol, CA: O'Reilly (2001).

Anchor
Oracle 08
Oracle 08

[Oracle 2008] Permissions in the Java™ SE 6 Development Kit (JDK). Oracle (2008).

Anchor
Oracle 10a
Oracle 10a

[Oracle 2010a] Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning. Oracle (2010).

Anchor
Oracle 10b
Oracle 10b

[Oracle 2010b] New I/O APIs. Oracle (2010).

Anchor
Oracle 11a
Oracle 11a
Anchor
Oracle 11
Oracle 11

[Oracle 2011a] Java PKI Programmer's Guide, Oracle, 2011.

Anchor
Oracle 11b
Oracle 11b

[Oracle 2011b] Java Platform™, Standard Edition 6 Documentation, Oracle, 2011.

Anchor
Oracle 11c
Oracle 11c

[Oracle 2011c] Package javax.servelt.http, Oracle  2011.

Anchor
Oracle 11d
Oracle 11d

[Oracle 2011d] Permissions in the Java™ SE 6 Development Kit (JDK), Oracle, 2011.

Anchor
Oracle 12a
Oracle 12a

[Oracle 2012a] API for Privileged Blocks. Oracle (1993/2012).

Anchor
Oracle 12b
Oracle 12b

[Oracle 2012b] "Reading ASCII Passwords from an InputStream Example," Java Cryptography Architecture (JCA) Reference Guide. Oracle (2012).

Anchor
Oracle 12c
Oracle 12c

[Oracle 2012c] Java Platform Standard Edition 7 Documentation. Oracle (2012).

Anchor
Oracle 13a
Oracle 13a

[Oracle 2013a] API for Privileged Blocks, Oracle, 1993/2013.

Anchor
Oracle 13b
Oracle 13b

[Oracle 2013b] Reading ASCII Passwords from an InputStream Example, Java Cryptography Architecture (JCA) Reference Guide, Oracle, 2013.

Anchor
Oracle 13c
Oracle 13c

[Oracle 2013c] Java Platform Standard Edition 7 Documentation, Oracle, 2013.

Anchor
Oracle 13d
Oracle 13d
Anchor
Oracle 13
Oracle 13

[Oracle 2013d] Oracle Security Alert for CVE-2013-0422, Oracle, 2013.

Anchor
OWASP 05
OWASP 05

[OWASP 2005] OWASP (Open Web Application Security Project). A Guide to Building Secure Web Applications and Web Services (2005).

Anchor
OWASP 08
OWASP 08

[OWASP 2008] OWASP. Open Web Application Security Project homepage (2008).

Anchor
OWASP 09
OWASP 09

[OWASP 2009] OWASP. Session Fixation in Java (2009).

Anchor
OWASP 11
OWASP 11

[OWASP 2011] OWASP. Cross-site Scripting (XSS) (2011).

Anchor
OWASP 12
OWASP 12

[OWASP 2012] OWASP. "Why Add Salt?" Hashing Java (2012).

Anchor
OWASP 13
OWASP 13

[OWASP 2013] OWASP. OWASP Guide Project (2011).

Anchor
Paar 09
Paar 09
Anchor
Paar 10
Paar 10

[Paar 2010] Paar, Christof, and Jan Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners. New York: Springer (2009). (Companion website contains online cryptography course that covers hash functions.)

Anchor
Pistoia 04
Pistoia 04

[Pistoia 2004] Pistoia, Marco, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin. Enterprise Java Security: Building Secure J2EE Applications. Boston: Addison-Wesley (2004).

Anchor
Policy 02
Policy 02
Anchor
Policy 10
Policy 10

[Policy 2010] Default Policy Implementation and Policy File Syntax, Document revision 1.6, Oracle (2010).

Anchor
Reddy 00
Reddy 00

[Reddy 2000] Reddy, Achut. Java Coding Style Guide. (2000).

Anchor
Rogue 00
Rogue 00

[Rogue 2000] Vermeulen, Allan, Scott W. Ambler, Greg Bumgardner, and Eldon Metz. The Elements of Java Style. New York: Cambridge University Press (2000).

Anchor
SCG 10
SCG 10

[SCG 2010] Secure Coding Guidelines for the Java Programming Language, version 4.0. Oracle (2010).

Anchor
Seacord 08
Seacord 08
Anchor
Seacord 09
Seacord 09

[Seacord 2009] Seacord, Robert C. The CERT C Secure Coding Standard. Boston: Addison-Wesley (2009).

Anchor
Seacord 12
Seacord 12

[Seacord 2012] Seacord, Robert, Will Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch. Source Code Analysis Laboratory (SCALe) (CMU/SEI-2012-TN-013). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tn013.cfm.

Anchor
Seacord 13
Seacord 13

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Boston: Addison-Wesley (2013). See http://www.cert.org/books/secure-coding for news and errata.

Anchor
SecuritySpec 08
SecuritySpec 08
Anchor
SecuritySpec 10
SecuritySpec 10

[SecuritySpec 2010] Java Security Architecture. Oracle (2010).

Anchor
Sen 07
Sen 07

[Sen 2007] Sen, Robi. Avoid the Dangers of XPath Injection. IBM developerWorks (2007).

Anchor
Sethi 09
Sethi 09

[Sethi 2009] Sethi, Amit. Proper Use of Java's SecureRandom. Cigital Justice League Blog (2009).

Anchor
Steinberg 05
Steinberg 05
Anchor
Steinberg 08
Steinberg 08

[Steinberg 2008] Steinberg, Daniel H. Using the Varargs Language Feature. Java Developer Connection Tech Tips (2008).

Anchor
Sterbenz 06
Sterbenz 06

[Sterbenz 2006] Sterbenz, Andreas, and Charlie Lai. Secure Coding Antipatterns: Avoiding Vulnerabilities. JavaOne Conference (2006).

Anchor
Sun 06
Sun 06

[Sun 2006] Java™ Platform, Standard Edition 6 Documentation. Oracle (2006).

Anchor
Sutherland 10
Sutherland 10

[Sutherland 2010] Sutherland, Dean F., and William L. Scherlis. Composable Thread Coloring. In Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. New York: ACM (2010).

Anchor
Tools 11
Tools 11

[Tools 2011] JDK Tools and Utilities Specification. Oracle (2011).

Anchor
Tutorials 08
Tutorials 08
Anchor
Tutorials 13
Tutorials 13

[Tutorials 2013] The Java Tutorials. Oracle (2013).

Anchor
Unicode 09
Unicode 09

[Unicode 2009] The Unicode Consortium. The Unicode Standard, Version 5.2.0, defined by The Unicode Standard, Version 5.2. Mountain View, CA: The Unicode Consortium (2009).

Anchor
Unicode 13
Unicode 13

[Unicode 2013] The Unicode Consortium. The Unicode Standard, Version 6.2.0, defined by Unicode 6.2.0. Mountain View, CA: The Unicode Consortium (2013).

Anchor
Vermeulen 00
Vermeulen 00

[Vermeulen 2000] Vermeulen, Allan, Scott W. Ambler, Greg Bumgardner, and Eldon Metz. The Elements of Java Style. New York: Cambridge University Press (2000).

Anchor
Viega 05
Viega 05

[Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software (2005).

Anchor
W3C 03
W3C 03

[W3C 2003] The World Wide Web Security FAQ. World Wide Web Consortium (W3C) (2003).

Anchor
Ware 08
Ware 08

[Ware 2008] Ware, Michael S. Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools (thesis). James Madison University (2008).

Anchor
White 03
White 03

[White 2003] White, Tom. Memoization in Java Using Dynamic Proxy Classes. O'Reilly onJava.com (2003).

Anchor
Zadegan 09
Zadegan 09

[Zadegan 2009] Zadegan, Bryant. A Lesson on Infinite Loops (2009).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f1294f30-0a39-4f27-9cce-a79828bfbd80"><ac:parameter ac:name="">API 06</ac:parameter></ac:structured-macro>
\[API 06\] [Java Platform, Standard Edition 6 API Specification|http://java.sun.com/javase/6/docs/api/] (2006)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4436766e-a713-4e11-b9c7-3d93f9fdd8ab"><ac:parameter ac:name="">Bloch 01</ac:parameter></ac:structured-macro>
\[Bloch 01] Effective Java, Programming Language Guide, by Joshua Bloch. Addison Wesley. (2001)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9dda0235-782e-4bac-9cb1-0f9840a18c91"><ac:parameter ac:name="">Bloch 05</ac:parameter></ac:structured-macro>
\[Bloch 05\] Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, by Joshua Bloch and Neal Gafter. Pearson Education, Inc. (2005)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6cef34ef-412b-4504-a8d2-3cc57bb60ed0"><ac:parameter ac:name="">Bloch 08</ac:parameter></ac:structured-macro>
\[Bloch 08\] Effective Java, 2nd edition, by Joshua Bloch, Addison Wesley. (2008)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04cfcaf2-0d17-4a11-9906-76a6691ed242"><ac:parameter ac:name="">Campione 96</ac:parameter></ac:structured-macro>
\[Campione 96\] [The Java Tutorial, by Mary Campione and Kathy Walrath|http://www.telecom.ntua.gr/HTML.Tutorials/index.html] (1996)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87bc3628-8dab-49de-a808-aa8730ab67f3"><ac:parameter ac:name="">Chan 99</ac:parameter></ac:structured-macro>
\[Chan 99\] The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, second edition, Volume 1, by Patrick Chan, Rosanna Lee, Douglas Kramer. Prentice Hall. (1999)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0ccec87-2e1d-4f43-9a9b-458115affcaa"><ac:parameter ac:name="">Daconta 03</ac:parameter></ac:structured-macro>
\[Daconta 03\] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24ecea4a-3910-4157-a69b-2d5d299a6b61"><ac:parameter ac:name="">Darwin 04</ac:parameter></ac:structured-macro>
\[Darwin 04\] Java Cookbook, by Ian F. Darwin (2004)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de14930a-d2c1-4e32-8383-66ba7adda852"><ac:parameter ac:name="">Doshi 03</ac:parameter></ac:structured-macro>
\[Doshi 03\] [Best Practices for Exception Handling|http://www.onjava.com/pub/a/onjava/2003/11/19/exceptions.html] by Gunjan Doshi. (2003)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7cc17930-594f-4b78-a41a-4d2840c57283"><ac:parameter ac:name="">Enterprise 03</ac:parameter></ac:structured-macro>
\[Enterprise 03\] Java Enterprise Best Practices, by the O'Reilly Java Authors. O'Reilly. (2003)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="97f74cc1-c55f-4652-b384-b6189d0882ea"><ac:parameter ac:name="">FindBugs 08</ac:parameter></ac:structured-macro>
\[FindBugs 08\] [FindBugs Bug Descriptions|http://findbugs.sourceforge.net/bugDescriptions.html] (2008)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b58dda0d-8201-4c41-96fd-a23dcea9417d"><ac:parameter ac:name="">Flanagan 05</ac:parameter></ac:structured-macro>
\[Flanagan 05\] Java in a Nutshell, 5th edition, by David Flanagan, O'Reilly Media, Inc. (2005)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ed7a6af-8588-4e95-936b-c3c1129fe09e"><ac:parameter ac:name="">Garms 01</ac:parameter></ac:structured-macro>
\[Garms 01\] Professional Java Security, by Jess Garms and Daniel Somerfield. Wrox Press Ltd. (2001)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c371cac-cc0a-4a56-80a8-d514bdc589ac"><ac:parameter ac:name="">Gong 03</ac:parameter></ac:structured-macro>
\[Gong 03\] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6317f1c2-a319-466a-9e5e-62cf013b6164"><ac:parameter ac:name="">Green 08</ac:parameter></ac:structured-macro>
\[Green 08\] [Canadian Mind Products Java & Internet Glossary|http://mindprod.com/jgloss/jgloss.html] by Roedy Green. (2008)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42236ff5-85cc-4661-a3a6-882eb21d9ab6"><ac:parameter ac:name="">Goetz 06</ac:parameter></ac:structured-macro>
\[Goetz 06\] Java Concurrency in Practice, by Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, Doug Lea. Addison Wesley Professional. (2006)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="05e36102-2f83-4ada-8ea0-6235826d69a4"><ac:parameter ac:name="">Harold 97</ac:parameter></ac:structured-macro>
\[Harold 97\] Java Secrets by Elliotte Rusty Harold. Wiley. (1997)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb453560-b5d1-4592-bff7-7dd7e0ea58bb"><ac:parameter ac:name="">Harold 99</ac:parameter></ac:structured-macro>
\[Harold 99\] Java I/O, by Elliote Rusty Harold. O'REILLY. (1999)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="520bc453-959f-44d8-bfa2-9b2427050afd"><ac:parameter ac:name="">J2SE 00</ac:parameter></ac:structured-macro>
\[J2SE 00\] JavaTM 2 SDK, Standard Edition Documentation, Sun Microsystems. [J2SE Documentation version 1.3|http://java.sun.com/j2se/1.3/docs/guide/] (2000)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="474310c2-6767-4fc5-9e26-1d249c14a0b2"><ac:parameter ac:name="">JLS 05</ac:parameter></ac:structured-macro>
\[JLS 05\] Java Language Specification, 3rd edition. by James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. Prentice Hall, The Java Series. [The Java Language Specification.|http://java.sun.com/docs/books/jls/index.html] (2005)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1286f716-1cdf-4ce9-813c-da0343af0b7b"><ac:parameter ac:name="">JLS 06</ac:parameter></ac:structured-macro>
\[JLS 06\] Java Language Specification, 4th edition. by Ken Arnold, James Gosling, and David Holmes. Prentice Hall, The Java Series. (2006)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d22d527-a2b0-4178-9f34-3f524ff5921e"><ac:parameter ac:name="">Kabutz 01</ac:parameter></ac:structured-macro>
\[Kabutz 01\] The Java Specialists' Newsletter, by Dr. Heinz M. Kabutz. (2001)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34d32e7e-77c6-4b84-a56e-ef14b409ff07"><ac:parameter ac:name="">Kalinovsky 04</ac:parameter></ac:structured-macro>
\[Kalinovsky 04\] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky. SAMS Publishing. (2004)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c55f7fb3-9b92-4cfa-8a70-6c823b6840cb"><ac:parameter ac:name="">Lea 00</ac:parameter></ac:structured-macro>
\[Lea 00\] Concurrent Programming in Java, 2nd edition, by Doug Lea. Addison Wesley, Sun Microsystems. (2000)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bd8a3955-5aca-4677-ae3c-d542a30e014b"><ac:parameter ac:name="">Liang 97</ac:parameter></ac:structured-macro>
\[Liang 97\] The Java™ Native Interface, Programmer's Guide and Specification, by Sheng Liang. ADDISON-WESLEY. (1997)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e853b6b-3f3f-4658-9ca6-7a68f2811b00"><ac:parameter ac:name="">Low 97</ac:parameter></ac:structured-macro>
\[Low 97\] [Protecting Java Code via Obfuscation|http://www.cs.arizona.edu/~collberg/Research/Students/DouglasLow/obfuscation.html], by Douglas Low. (1997)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89d4ad51-93bc-4936-929d-d3e9b700b278"><ac:parameter ac:name="">Kalinovsky 04</ac:parameter></ac:structured-macro>
\[Kalinovsky 04\] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky, SAMS. (2004)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2f5f4b4-0d11-4f95-ba3a-91f615f87b47"><ac:parameter ac:name="">McGraw 99</ac:parameter></ac:structured-macro>
\[McGraw 00\] Securing Java, Getting Down to Business with Mobile Code, by Gary McGraw and Edward W. Felten. Wiley. (1999)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="adb8c8f3-1537-4f8f-a7dd-737820f417e3"><ac:parameter ac:name="">Macgregor 98</ac:parameter></ac:structured-macro> 
\[Macgregor 98\] Java Network Security, by Robert Macgregor, Dave Durbin, John Owlett and Andrew Yeomans. Prentice Hall. (1998)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e4e830e-c8f1-4f2a-ae98-d033c9877fef"><ac:parameter ac:name="">Mocha 07</ac:parameter></ac:structured-macro>
\[Mocha 07\] [Mocha, the Java Decompiler|http://www.brouhaha.com/~eric/software/mocha/] (2007)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bdb7c3ca-6590-4e41-a8fb-e6aba6357872"><ac:parameter ac:name="">Müller 02</ac:parameter></ac:structured-macro>
\[Müller 02\] [Exception Handling: Common Problems and Best Practice with Java 1.4|http://www.old.netobjectdays.org/pdf/02/papers/industry/1430.pdf] by Dr. Andreas Müller and Geoffrey Simmons, Sun Microsystems GmbH. (2002)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24888475-ad90-482b-a048-fed77042ccbb"><ac:parameter ac:name="">Oaks 01</ac:parameter></ac:structured-macro>
\[Oaks 01\] Java Security, by Scott Oaks. O'REILLY. (2001)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a8455d2f-8e6e-4880-adfa-53de3d16f8b9"><ac:parameter ac:name="">Pistoia 04</ac:parameter></ac:structured-macro>
\[Pistoia 04\] Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Addison Wesley. (2004)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="badb255d-c2ef-4aca-b3d5-a40b198f37dc"><ac:parameter ac:name="">SCG 07</ac:parameter></ac:structured-macro>
\[SCG 07\] [Secure Coding Guidelines for the Java Programming Language, version 2.0|http://java.sun.com/security/seccodeguide.html] (2007)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4bc725f4-58bd-4b44-92e3-3e8dcccdeb67"><ac:parameter ac:name="">SecArch 06</ac:parameter></ac:structured-macro>
\[SecArch 06\] [Java 2 Platform Security Architecture|http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html] (2006)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="491247c4-aff3-49aa-ad56-0455962b26a9"><ac:parameter ac:name="">Security 06</ac:parameter></ac:structured-macro>
\[Security 06\] [Java Security Guides|http://java.sun.com/javase/6/docs/technotes/guides/security/] (2006)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b449e238-c60b-453c-a401-450993a2cc24"><ac:parameter ac:name="">Steel 05</ac:parameter></ac:structured-macro>
\[Steel 05\] Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, by Christopher Steel, Ramesh Nagappan and Ray Lai. Prentice Hall PTR / Sun Micros. (2005)

Wiki Markup<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="212ca00c-2c76-4d15-9d8a-9ae680b39747"><ac:parameter ac:name="">Tutorials 08</ac:parameter></ac:structured-macro> \[Tutorials 08\] [The Java Tutorials|http://java.sun.com/docs/books/tutorial/index.html] (2008)