[Abadi 1996] Abadi, Martin, and Roger Needham. Prudent Engineering Practice for Cryptographic Protocols. IEEE Transactions on Software Engineering 22(1):6–15 (1996 [Apache 2014] Apache Tika: A Content Analysis Toolkit. The Apache Software Foundation (2014).
[API 2006]
Java Platform, Standard Edition 6 API Specification. , Oracle (2006
/2011).
[API 2011]
Java Platform, Standard Edition 7 API Specification. , Oracle (2011).
[Austin 2000] Austin, Calvin, and Monica Pawlan. Advanced Programming for the Java 2 Platform. Boston: Addison-Wesley Longman (2000 [API 2014] Java Platform, Standard Edition 8 API Specification, Oracle (2014). [Arnold 2006] Ken Arnold, James Gosling, and David Holmes. The Java™ Programming Language, 4th ed., Boston: Addison-Wesley (2006). [ASVS 2019] OWASP Application Security Verification Standard Project (2019). [Black 2004] Black, Paul E., and Paul J. Tanenbaum. "Partial order." In
Dictionary of Algorithms and Data Structures [online]. Paul E. Black, ed., U.S. National Institute of Standards and Technology (2004).
[Black 2006] Black, Paul E., and Paul J. Tanenbaum. "Total order." In Dictionary of Algorithms and Data Structures [online]. Paul E. Black, ed., U.S. National Institute of Standards and Technology (2006). [Bloch 2001] Bloch, Joshua.
Effective Java: Programming Language Guide. Boston: Addison-Wesley (2001).
[Bloch
2005a2005] Bloch, Joshua, and Neal Gafter.
Java Puzzlers: Traps, Pitfalls, and Corner Cases. Upper Saddle River, NJ: Addison-Wesley (2005).
[Bloch
2005b2008] Bloch, Joshua
, and Neal Gafter. Yet More Programming Puzzlers. JavaOne Conference (2005. Effective Java, 2nd ed. Upper Saddle River, NJ: Addison-Wesley (2008).
Anchor |
---|
| Campione 96 |
---|
| Campione 96 | Bloch 07 | Bloch 07 |
---|
|
[
Bloch 2007] Bloch, Joshua. Effective Java™ Reloaded: This Time It's (Not) for Real. JavaOne Conference (2007Campione 1996] Campione, Mary, and Kathy Walrath. The Java Tutorial: Object-Oriented Programming for the Internet. Reading, MA: Addison-Wesley (1996).
Anchor |
---|
| Chan 99 |
---|
| Chan 99 | Bloch 08 | Bloch 08 |
---|
|
[
Bloch 2008] Bloch, Joshua. Effective Java, 2nd ed. Chan 1999] Chan, Patrick, Rosanna Lee, and Douglas Kramer. The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, 2nd ed., vol. 1. Upper Saddle River, NJ:
Addison-Wesley (2008Prentice Hall (1999).
Anchor |
---|
| Cohen 81 |
---|
| Cohen 81 | Bloch 09 | Bloch 09 |
---|
|
[
Bloch 2009Cohen 1981]
Bloch, Joshua, and Neal Gafter. Return of the Puzzlers: Schlock and Awe. JavaOne Conference (2009Cohen, D. On Holy Wars and a Plea for Peace, IEEE Computer, 14(10):48–54 (1981).
Anchor |
---|
| Conventions 09 |
---|
| Conventions 09 | Boehm 05 | Boehm 05 |
---|
|
[
Boehm 2005] Boehm, Hans-J. Finalization, Threads, and the Java™ Technology-Based Memory Model. JavaOne Conference (2005Conventions 2009] Code Conventions for the Java Programming Language. Oracle (2009).
Anchor |
---|
| Coomes 07 |
---|
| Coomes 07 | Campione 96 | Campione 96 |
---|
|
[
Campione 1996] Campione, Mary, and Kathy Walrath. The Java Tutorial: Object-Oriented Programming for the Internet. Reading, MA: Addison-Wesley (1996Coomes 2007] Coomes, John, Peter Kessler, and Tony Printezis. Garbage Collection-Friendly Programming. Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference (2007).
[CCITT 1988] CCITT (International Telegraph and Telephone Consultative Committee). CCITT Blue Book: Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework. Geneva: International Telecommunication Union (1988). [Core Java 2004] Horstmann, Cay S., and Gary Cornell. Core Java™ 2, Vol. I: Fundamentals, 7th ed. Upper Anchor |
---|
Chan 99 | Chan 99 | [Chan 1999] Chan, Patrick, Rosanna Lee, and Douglas Kramer. The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, 2nd ed., vol. 1. Upper Saddle River, NJ: Prentice Hall
PTR (
19992004).
Anchor |
---|
| Chess Coverity 07Chess |
---|
| Coverity 07 |
---|
|
[
Chess 2007] Chess, Brian, and Jacob West. Secure Programming with Static Analysis. Upper Saddle River, NJ: Addison-Wesley Professional Coverity 2007] Coverity Prevent User's Manual (3.3.0). Coverity (2007).
Anchor |
---|
| Daconta 03 |
---|
| Daconta 03 | Christudas 05 | Christudas 05 |
---|
|
[
Christudas 2005Daconta 2003]
ChristudasDaconta,
Binildas. Internals of Java Class Loading, ONJava (2005). Anchor |
---|
Cohen 81 | Cohen 81 | [Cohen 1981] Cohen, D. On Holy Wars and a Plea for Peace, IEEE Computer, 14(10):48–54 (1981Michael C., Kevin T. Smith, Donald Avondolio, and W. Clay Richardson. More Java Pitfalls: 50 New Time-Saving Solutions and Workarounds. Indianapolis, IN: Wiley (2003).
Anchor |
---|
| Davis 08 |
---|
| Davis 08 | Conventions 09 | Conventions 09 |
---|
|
[
Conventions 2009] Code Conventions for the Java Programming Language. Oracle (2009). Anchor |
---|
Coomes 07 | Coomes 07 | [Coomes 2007] Coomes, John, Peter Kessler, and Tony Printezis. Garbage Collection-Friendly Programming. Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference (2007Davis 2008] Davis, Mark, and Ken Whistler (Ed.). Unicode Standard Annex #15: Unicode Normalization Forms (2008).
Anchor |
---|
Core Java 04 | Core Java 04 |
[Core Java 2004] Horstmann, Cay S., and Gary Cornell. Core Java™ 2, Vol. I: Fundamentals, 7th ed. Upper Saddle River, NJ: Prentice Hall PTR (2004). Anchor |
---|
Coverity 07 | Coverity 07 | [Coverity 2007] Coverity Prevent User's Manual (3.3.0). 2007. Anchor |
---|
Cunningham 95 | Cunningham 95 | [Cunningham 1995] Cunningham, Ward. The CHECKS Pattern Language of Information Integrity. In Pattern Languages of Program Design, James O. Coplien and Douglas C. Schmidt, eds. Reading, MA: Addison-Wesley (1995). Anchor |
---|
Daconta 00 | Daconta 00 | [Daconta 2000] Daconta, Michael C. When Runtime.exec() Won't. JavaWorld.com (2000). Anchor |
---|
Daconta 03 | Daconta 03 | [Daconta 2003] Daconta, Michael C., Kevin T. Smith, Donald Avondolio, and W. Clay Richardson. More Java Pitfalls. Indianapolis: Wiley (2003). Anchor |
---|
Darwin 04 | Darwin 04 | [Darwin 2004] Darwin, Ian F. Java Cookbook, 2nd ed. Sebastopol, CA: OâReilly (2004). Anchor |
---|
Davis 08 | Davis 08 | [Davis 2008] Davis, Mark, and Ken Whistler. Unicode Standard Annex #15: Unicode Normalization Forms (2008). Anchor |
---|
Davis 08b | Davis 08b | [Davis 2008b] Davis, Mark, and Michel Suignard. Unicode Technical Report #36, Unicode Security Considerations (2008). Anchor |
---|
Dennis 1966 | Dennis 1966 | [Dennis 1966] Dennis, Jack B., and Earl C. Van Horn. 1966. Programming Semantics for Multiprogrammed Computations. Communications of the ACM, 9(3):143–155 (1966). doi: 10.1145/365230.365252. Anchor |
---|
DHS 06 | DHS 06 | [DHS 2006] U.S. Department of Homeland Security. Build Security In (2006/2011). Anchor |
---|
Dormann 08 | Dormann 08 | [Dormann 2008] Dormann, Will. Signed Java Applet Security: Worse Than ActiveX? CERT Vulnerability Analysis Blog (2008). Anchor |
---|
Doshi 03 | Doshi 03 | [Doshi 2003] Doshi, Gunjan. Best Practices for Exception Handling. ONJava (2003). Anchor |
---|
Dougherty 2009 | Dougherty 2009 | [Dougherty 2009] Dougherty, Chad, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi. Secure Design Patterns. CMU/SEI-2009-TR-010 (2009). Anchor |
---|
Eclipse 08 | Eclipse 08 | [Eclipse 2008] Eclipse Platform, The Eclipse Foundation (2008). Anchor |
---|
Encodings 06 | Encodings 06 | [Encodings 2006] Supported Encodings, Oracle (2006/2011). Anchor |
---|
Enterprise 03 | Enterprise 03 | [Enterprise 2003] Eckstein, Robert. Java Enterprise Best Practices. Sebastopol, CA: O'Reilly (2003). Anchor |
---|
ESA 05 | ESA 05 | [ESA 2005] ESA (European Space Agency). Java Coding Standards. Prepared by ESA Board for Software Standardisation and Control (BSSC) (2005). Anchor |
---|
Fairbanks 07 | Fairbanks 07 | [Fairbanks 2007] Fairbanks, George. Design Fragments. PhD thesis, Carnegie Mellon University (2007). Anchor |
---|
FindBugs 08 | FindBugs 08 | [FindBugs 2008] FindBugs Bug Descriptions (2008/2011). Anchor |
---|
Fisher 03 | Fisher 03 | [Fisher 2003] Fisher, Maydene, Jon Ellis, and Jonathan Bruce. JDBC API Tutorial and Reference, 3rd ed. Upper Saddle River, NJ: Prentice Hall (2003). Anchor |
---|
Flanagan 05 | Flanagan 05 | [Flanagan 2005] Flanagan, David. Java in a Nutshell, 5th ed. Sebastopol, CA: O'Reilly Media (2005). Anchor |
---|
Fortify 08 | Fortify 08 | [Fortify 2008] Fortify Software Security Research Group with Gary McGraw. A Taxonomy of Coding Errors That Affect Security (see Java/JSP) (2008/2011). Anchor |
---|
Fox 01 | Fox 01 | [Fox 2001] Fox, Joshua. When Is a Singleton Not a Singleton? JavaWorld (2001). Anchor |
---|
FT 08 | FT 08 | [FT 2008] Function Table: Class FunctionTable, Field Detail, public static FuncLoader m_functions. Apache XML Project (2008). Anchor |
---|
Gafter 06 | Gafter 06 | [Gafter 2006] Gafter, Neal. Neal Gafter's blog (2006). Anchor |
---|
Gamma 95 | Gamma 95 | [Gamma 1995] Gamma, Erich, Richard Helm, Ralph Johnson, and John M. Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Reading, MA: Addison-Wesley (1995). Anchor |
---|
Garms 01 | Garms 01 | [Garms 2001] Garms, Jess, and Daniel Somerfield. Professional Java Security. Birmingham, UK: Wrox Press (2001). Anchor |
---|
GNU 13 | GNU 13 | [GNU 2013] GNU Coding Standards, §5.3, "Clean Use of C Constructs." (GNU Coding Standards were written by Richard Stallman and other GNU Project volunteers.) (2013). Anchor |
---|
Goetz 02 | Goetz 02 | [Goetz 2002] Goetz, Brian. Java Theory and Practice: Safe Construction Techniques: Don't Let the "this" Reference Escape during Construction. IBM developerWorks (2002). Anchor |
---|
Goetz 04a | Goetz 04a | [Goetz 2004a] Goetz, Brian. Java Theory and Practice: Garbage Collection and Performance: Hints, Tips, and Myths about Writing Garbage Collection-Friendly Classes. IBM developerWorks (2004). Anchor |
---|
Goetz 04b | Goetz 04b | [Goetz 2004b] Goetz, Brian. Java Theory and Practice: The Exceptions Debate: To Check, or Not to Check? IBM developerWorks (2004). Anchor |
---|
Goetz 04c | Goetz 04c | [Goetz 2004c] Goetz, Brian. Java Theory and Practice: Going Atomic: The New Atomic Classes Are the Hidden Gems of java.util.concurrent. IBM developerWorks (2004). Anchor |
---|
Goetz 05a | Goetz 05a | [Goetz 2005a] Goetz, Brian. Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners. IBM developerWorks (2005). Anchor |
---|
Goetz 05b | Goetz 05b | [Goetz 2005b] Goetz, Brian. Java Theory and Practice: Plugging Memory Leaks with Weak References: Weak References Make It Easy to Express Object Lifecycle Relationships. IBM developerWorks (2005). Anchor |
---|
Goetz 06a | Goetz 06a | [Goetz 2006a] Goetz, Brian, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea. Java Concurrency in Practice. Upper Saddle River, NJ: Addison-Wesley Professional (2006). Anchor |
---|
Goetz 06b | Goetz 06b | [Goetz 2006b] Goetz, Brian. Java Theory and Practice: Good Housekeeping Practices. IBM developerWorks (2006). Anchor |
---|
Goetz 07 | Goetz 07 | [Goetz 2007] Goetz, Brian. Java Theory and Practice: Managing Volatility: Guidelines for Using Volatile Variables. IBM developerWorks (2006). Anchor |
---|
Goldberg 91 | Goldberg 91 | [Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems (1991/2000). Anchor |
---|
Goodliffe 06 | Goodliffe 06 | [Goodliffe 2006] Pete Goodliffe. Code Craft: The Practice of Writing Excellent Code. San Francisco: No Starch Press, 2006 Anchor |
---|
Gong 03 | Gong 03 | [Gong 2003] Gong, Li, Gary Ellison, and Mary Dageforde. Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed. Upper Saddle River, NJ: Prentice Hall (2003). Anchor |
---|
Grand 02 | Grand 02 | [Grand 2002] Grand, Mark. Patterns in Java, Vol. 1, 2nd ed. New York: Wiley (2002). Anchor |
---|
Greanier 00 | Greanier 00 | [Greanier 2000] Greanier, Todd. Discover the Secrets of the Java Serialization API. Sun Developer Network (2000). Anchor |
---|
Green 08 | Green 08 | [Green 2008] Green, Roedy. Canadian Mind Products Java & Internet Glossary (2008/2012). Anchor |
---|
Grigg 06 | Grigg 06 | [Grigg 2006] Grigg, Jeffery. Reflection on Inner Classes (2006). Anchor |
---|
Grosso 01 | Grosso 01 | [Grosso 2001] Grosso, William. Java RMI. Sebastopol, CA: O'Reilly (2001). Anchor |
---|
Grubb 13 | Grubb 13 | [Grubb 2013] Penny Grubb, and Armstrong A. Takang. Software Maintenance Concepts and Practice, 2nd ed. River Edge, NJ: World Scientific (2013). Anchor |
---|
Guillardoy 12 | Guillardoy 12 | [Guillardoy 2012] Guillardoy, Esteban (Immunity Products). Java 0-day analysis (CVE-2012-4681) (August 28, 2012). Anchor |
---|
Gupta 05 | Gupta 05 | [Gupta 2005] Gupta, Satish Chandra, and Rajeev Palanki. Java Memory Leaks—Catch Me If You Can: Detecting Java Leaks Using IBM Rational Application Developer 6.0. IBM developerWorks (2005). Anchor |
---|
Haack 06 | Haack 06 | [Haack 2006] Haack, Christian, Erik Poll, Jan Schäfer, and Aleksy Schubert. Immutable Objects in Java. Research report, Radboud University Nijmegen (2006). Anchor |
---|
Haggar 00 | Haggar 00 | [Haggar 2000] Haggar, Peter. Practical Java™ Programming Language Guide. Reading, MA: Addison-Wesley Professional (2000). Anchor |
---|
Halloway 00 | Halloway 00 | [Halloway 2000] Halloway, Stuart. Java Developer Connection Tech Tips, March 28, 2000. Sun Microsystems (2000). Anchor |
---|
Halloway 01 | Halloway 01 | [Halloway 2001] Halloway, Stuart. Java Developer Connection Tech Tips, January 30, 2001. Sun Microsystems (2001). Anchor |
---|
Harold 97 | Harold 97 | [Harold 1997] Harold, Elliotte Rusty. Java Secrets. Foster City, CA: IDG Books Worldwide (1997). Anchor |
---|
Harold 99 | Harold 99 | [Harold 1999] Harold, Elliotte Rusty. Java I/O. Sebastopol, CA: O'Reilly (1999). Anchor |
---|
Harold 06 | Harold 06 | [Harold 2006] Harold, Elliotte Rusty. Java I/O, 2nd ed. Sebastopol, CA: O'Reilley (2006). Anchor |
---|
Hatton 95 | Hatton 95 | [Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill, 1995 (ISBN 0-07-707640-0). Anchor |
---|
Hawtin 06 | Hawtin 06 | [Hawtin 2006] Hawtin, Thomas. [drlvm][kernel_classes] ThreadLocal vulnerability. MarkMail (2006). Anchor |
---|
Hawtin 08 | Hawtin 08 | [Hawtin 2008] Hawtin, Thomas. Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities. Sun Microsystems, Make It Fly, London (2008). Anchor |
---|
Havelund 10 | Havelund 10 | [Havelund 2010] Klaus Havelund, Al Niessner. JPL Coding Standard. Version: 1.1. January 25, 2010. http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_Java.pdf
...
[Dennis 1966] Dennis, Jack B., and Earl C. Van Horn. 1966. Programming Semantics for Multiprogrammed Computations. Communications of the ACM, 9(3):143–155 (1966). doi: 10.1145/365230.365252. Anchor |
---|
| Dougherty 2009 |
---|
| Dougherty 2009 |
---|
|
[Dougherty 2009] Dougherty, Chad, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi. Secure Design Patterns. CMU/SEI-2009-TR-010 (2009).[ESA 2005] ESA (European Space Agency). Java Coding Standards. Prepared by ESA Board for Software Standardisation and Control (BSSC) (2005). [FindBugs 2008] FindBugs Bug Descriptions (2008/2011). [Flanagan 2005] Flanagan, David. Java in a Nutshell, 5th ed. Sebastopol, CA: O'Reilly Media (2005). [Fortify 2014] Fortify Software Security Research Group with Gary McGraw. A Taxonomy of Coding Errors That Affect Security (see Java/JSP) (2008/2014).[GNU 2013] GNU Coding Standards, §5.3, "Clean Use of C Constructs." Richard Stallman and other GNU Project volunteers (2013). [Goetz 2004] Goetz, Brian. Java Theory and Practice: Garbage Collection and Performance: Hints, Tips, and Myths about Writing Garbage Collection-Friendly Classes. IBM developerWorks (2004).[Goetz 2006] Goetz, Brian, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea. Java Concurrency in Practice. Boston: Addison-Wesley Professional (2006). [Goetz 2007] Goetz, Brian. Java Theory and Practice: Managing Volatility: Guidelines for Using Volatile Variables. IBM developerWorks (2007). [Gong 2003] Gong, Li, Gary Ellison, and Mary Dageforde. Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed. Boston: Addison-Wesley (2003).
[Goodliffe 2007] Pete Goodliffe. Code Craft: The Practice of Writing Excellent Code. San Francisco: No Starch Press (2007). [Grand 2002] Grand, Mark. Patterns in Java, Vol. 1: A Catalog of Reusable Design Patterns Illustrated with UML, 2nd ed. Indianapolis, IN: Wiley (2002).[Grubb 2003] Penny Grubb, and Armstrong A. Takang. Software Maintenance Concepts and Practice, 2nd ed. River Edge, NJ: World Scientific (2003). Anchor |
---|
| Guillardoy 12 |
---|
| Guillardoy 12 |
---|
|
[Guillardoy 2012] Guillardoy, Esteban. Java 0-day Analysis (CVE-2012-4681) (2012).[Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill (1995).[Havelund 2009] Havelund, Klaus, and Al Niessner. JPL Coding Standard, Version 1.1 (2009) [Hawtin 2006] Hawtin, Thomas. [drlvm][kernel_classes] ThreadLocal Vulnerability. MarkMail (2006). Anchor |
---|
| Hirondelle 13 |
---|
| Hirondelle 13 |
---|
|
[Hirondelle 2013] Hirondelle Systems. Passwords Never Clear in Text (2013). [ISO/IEC 9126-1:2001] Software Engineering—Product Quality—Part 1, Quality Model (ISO/IEC 9126-1:2001). Geneva, Switzerland: International Organization for Standardization (2001). [ISO/IEC 24765:2010] Systems and Software Engineering—Vocabulary (ISO/IEC 24765:2010). Geneva, Switzerland: International Organization for Standardization (2010). [JLS 2013] Gosling, James, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley. Java Language Specification: Java SE 7 Edition. Oracle America (2013). Anchor |
---|
| Jovanovic 06 |
---|
| Jovanovic 06 |
---|
|
[Jovanovic 2006] Jovanovic, Nenad, Christopher Kruegel, and Engin Kirda. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp. 258–263, May 21–24, Oakland, CA (2006). [JPL 2006] Arnold, Ken, James Gosling, and David Holmes. The Java™ Programming Language, 4th ed. Reading, MA: Addison-Wesley Professional (2006).[JVMSpec 1999] The Java Virtual Machine Specification. Sun Microsystems (1999). [JVMSpec 2013] The Java Virtual Machine Specification: Java SE 7 Edition. Oracle America (2013). [Kabanov 2009] Kabanov, Jevgeni. The Ultimate Java Puzzler (2009). Anchor |
---|
| Kalinovsky 04 |
---|
| Kalinovsky 04 |
---|
|
[Kalinovsky 2004] Kalinovsky, Alex. Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering. Indianapolis: SAMS (2004). Anchor |
---|
| Knoernschild 02 |
---|
| Knoernschild 02 |
---|
|
[Knoernschild 2002] Knoernschild, Kirk. Java™ Design: Objects, UML, and Process. Boston: Addison-Wesley Professional (2002).[Lea 2000] Lea, Doug. Concurrent Programming in Java: Design Principles and Patterns, 2nd ed. Boston: Addison-Wesley (2000). [Lo 2005] Lo, Chia-Tien Dan, Witawas Srisa-an, and J. Morris Chang. Security Issues in Garbage Collection. STSC Crosstalk, (2005, October). [Long 2012] Long, Fred, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, and David Svoboda. The CERT Oracle Secure Coding Standard for Java, SEI Series in Software Engineering. Boston: Addison-Wesley (2012).[Manion 2013] Manion, Art. Anatomy of Java Exploits, CERT/CC Blog (January 15, 2013).[Martin 1996] Martin, Robert C. Granularity. The C++ Report 8(10):57–62 (1996).[McGraw 1999] McGraw, Gary, and Edward W. Felten. Securing Java: Getting Down to Business with Mobile Code, 2nd ed. New York: Wiley (1999). [Mettler 2010] Adrian Mettler and David Wagner, Class Properties for Security Review in an Object-Capability Subset of Java, Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10). ACM, Article 7, DOI: 10.1145/1814217.1814224, 2010. [Miller 2009] Miller, Alex. Java™ Platform Concurrency Gotchas. JavaOne Conference (2009). [Netzer 1992] Netzer, Robert H. B., and Barton P. Miller. What Are Race Conditions? Some Issues and Formalization. ACM Letters on Programming Languages and Systems 1(1):74–88 (1992). [NIST 2017] NIST Special Publication 800-63 (2017).[Oaks 2001] Oaks, Scott. Java Security. Sebastopol, CA: O'Reilly (2001). [Oracle 2008] Permissions in the Java™ SE 6 Development Kit (JDK). Oracle (2008). [Oracle 2010a] Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning. Oracle (2010). [Oracle 2010b] New I/O APIs. Oracle (2010). [Oracle 2011a] Java PKI Programmer's Guide, Oracle, 2011. [Oracle 2011b] Java Platform™, Standard Edition 6 Documentation, Oracle, 2011. [Oracle 2011c] Package javax.servelt.http, Oracle 2011. [Oracle 2011d] Permissions in the Java™ SE 6 Development Kit (JDK), Oracle, 2011. [Oracle 2012a] API for Privileged Blocks. Oracle (1993/2012). [Oracle 2012b] "Reading ASCII Passwords from an InputStream Example," Java Cryptography Architecture (JCA) Reference Guide. Oracle (2012). [Oracle 2012c] Java Platform Standard Edition 7 Documentation. Oracle (2012). [Oracle 2013a] API for Privileged Blocks, Oracle, 1993/2013. [Oracle 2013b] Reading ASCII Passwords from an InputStream Example, Java Cryptography Architecture (JCA) Reference Guide, Oracle, 2013. [Oracle 2013c] Java Platform Standard Edition 7 Documentation, Oracle, 2013. [Oracle 2013d] Oracle Security Alert for CVE-2013-0422, Oracle, 2013. [OWASP 2005] OWASP (Open Web Application Security Project). A Guide to Building Secure Web Applications and Web Services (2005). [OWASP 2008] OWASP. Open Web Application Security Project homepage (2008). [OWASP 2009] OWASP. Session Fixation in Java (2009). [OWASP 2011] OWASP. Cross-site Scripting (XSS) (2011). [OWASP 2012] OWASP. "Why Add Salt?" Hashing Java (2012). [OWASP 2013] OWASP. OWASP Guide Project (2011).
[Paar 2010] Paar, Christof, and Jan Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners. New York: Springer (2009). (Companion website contains online cryptography course that covers hash functions.)
[Pistoia 2004] Pistoia, Marco, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin. Enterprise Java Security: Building Secure J2EE Applications. Boston: Addison-Wesley (2004). [Policy 2010] Default Policy Implementation and Policy File Syntax, Document revision 1.6, Oracle (2010).[Reddy 2000] Reddy, Achut. Java Coding Style Guide. (2000). [Rogue 2000] Vermeulen, Allan, Scott W. Ambler, Greg Bumgardner, and Eldon Metz. The Elements of Java Style. New York: Cambridge University Press (2000). [SCG 2010] Secure Coding Guidelines for the Java Programming Language, version 4.0. Oracle (2010). [Seacord 2009] Seacord, Robert C. The CERT C Secure Coding Standard. Boston: Addison-Wesley (2009).[Seacord 2012] Seacord, Robert, Will Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch. Source Code Analysis Laboratory (SCALe) (CMU/SEI-2012-TN-013). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tn013.cfm. [Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Boston: Addison-Wesley (2013). See http://www.cert.org/books/secure-coding for news and errata. Anchor |
---|
| SecuritySpec 08 |
---|
| SecuritySpec 08 |
---|
|
Anchor |
---|
| SecuritySpec 10 |
---|
| SecuritySpec 10 |
---|
|
[SecuritySpec 2010] Java Security Architecture. Oracle (2010). [Sen 2007] Sen, Robi. Avoid the Dangers of XPath Injection. IBM developerWorks (2007). [Sethi 2009] Sethi, Amit. Proper Use of Java's SecureRandom. Cigital Justice League Blog (2009).[Steinberg 2008] Steinberg, Daniel H. Using the Varargs Language Feature. Java Developer Connection Tech Tips (2008). [Sterbenz 2006] Sterbenz, Andreas, and Charlie Lai. Secure Coding Antipatterns: Avoiding Vulnerabilities. JavaOne Conference (2006).[Sun 2006] Java™ Platform, Standard Edition 6 Documentation. Oracle (2006). Anchor |
---|
| Sutherland 10 |
---|
| Sutherland 10 |
---|
|
[Sutherland 2010] Sutherland, Dean F., and William L. Scherlis. Composable Thread Coloring. In Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. New York: ACM (2010). [Tools 2011] JDK Tools and Utilities Specification. Oracle (2011). [Tutorials 2013] The Java Tutorials. Oracle (2013). [Unicode 2009] The Unicode Consortium. The Unicode Standard, Version 5.2.0, defined by The Unicode Standard, Version 5.2. Mountain View, CA: The Unicode Consortium (2009). [Unicode 2013] The Unicode Consortium. The Unicode Standard, Version 6.2.0, defined by Unicode 6.2.0. Mountain View, CA: The Unicode Consortium (2013). [Vermeulen 2000] Vermeulen, Allan, Scott W. Ambler, Greg Bumgardner, and Eldon Metz. The Elements of Java Style. New York: Cambridge University Press (2000).[Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software (2005). [W3C 2003] The World Wide Web Security FAQ. World Wide Web Consortium (W3C) (2003). [Ware 2008] Ware, Michael S. Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools (thesis). James Madison University (2008...
[Seacord 2012] Seacord, Robert, Will Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch. Source Code Analysis Laboratory (SCALe) (CMU/SEI-2012-TN-013). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tn013.cfm
Anchor |
---|
Seacord 13 | Seacord 13 | [Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Boston: Addison-Wesley (2013). See http://www.cert.org/books/secure-coding for news and errata. Anchor |
---|
SecArch 06 | SecArch 06 | [SecArch 2006] Java 2 Platform Security Architecture. Oracle (2006). Anchor |
---|
Security 06 | Security 06 | [Security 2006] Java Security Guides. Oracle (2006). Anchor |
---|
SecuritySpec 08 | SecuritySpec 08 | [SecuritySpec 2008] Java Security Architecture. Oracle (2008/2010). Anchor |
---|
Sen 07 | Sen 07 | [Sen 2007] Sen, Robi. Avoid the Dangers of XPath Injection. IBM developerWorks (2007). Anchor |
---|
Sethi 09 | Sethi 09 | [Sethi 2009] Sethi, Amit. Proper Use of Java's SecureRandom. Cigital Justice League Blog (2009). Anchor |
---|
Spinellis 2006 | Spinellis 2006 | [Spinellis 2006] Spinellis, Diomidis. Code Quality: The Open Source Perspective. Boston: Addison-Wesley, 2006. Anchor |
---|
Steel 05 | Steel 05 | [Steel 2005] Steel, Christopher, Ramesh Nagappan, and Ray Lai. Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management. Upper Saddle River, NJ: Prentice Hall PTR (2005). Anchor |
---|
Steele 1977 | Steele 1977 | [Steele 1977] Steele, Guy Lewis. Arithmetic Shifting Considered Harmful. SIGPLAN Notices 12(11):61–69 (1977). Anchor |
---|
Steinberg 05 | Steinberg 05 | [Steinberg 2005] Steinberg, Daniel H. Java Developer Connection Tech Tips: Using the Varargs Language Feature. (2005, January 4). Anchor |
---|
Sterbenz 06 | Sterbenz 06 | [Sterbenz 2006] Sterbenz, Andreas, and Charlie Lai. Secure Coding Antipatterns: Avoiding Vulnerabilities. JavaOne Conference (2006). Anchor |
---|
Steuck 02 | Steuck 02 | [Steuck 2002] Steuck, Gregory. XXE (Xml eXternal Entity) Attack. SecurityFocus (2002). Anchor |
---|
Sun 04 | Sun 04 | [Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated? Oracle (1999). Anchor |
---|
Sun 03 | Sun 03 | [Sun 2003] Sun ONE Application Server 7 Performance Tuning Guide. Oracle (2003). Anchor |
---|
Sun 06 | Sun 06 | [Sun 2006] Java™ Platform, Standard Edition 6 Documentation. Oracle (2006). Anchor |
---|
Sun 08 | Sun 08 | [Sun 2008] Java™ Plug-in and Applet Architecture. Oracle (2008). Anchor |
---|
Sutherland 10 | Sutherland 10 | [Sutherland 2010] Sutherland, Dean F., and William L. Scherlis. Composable Thread Coloring. In Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. New York: ACM (2010). Anchor |
---|
Tanenbaum 03 | Tanenbaum 03 | [Tanenbaum 2003] Tanenbaum, Andrew S., and Maarten Van Steen. Distributed Systems: Principles and Paradigms, 2nd. ed. Upper Saddle River, NJ: Prentice Hall. Anchor |
---|
Techtalk 07 | Techtalk 07 | [Techtalk 2007] Bloch, Josh, and William Pugh. The Phantom-Reference Menace, Attack of the Clone, Revenge of the Shift. JavaOne Conference (2007). Anchor |
---|
Tomcat 09 | Tomcat 09 | [Tomcat 2009] Tomcat Documentation: Changelog and Security Fixes. Apache Software Foundation (2009). Anchor |
---|
Tools 11 | Tools 11 | [Tools 2011] JDK Tools and Utilities Specification. Oracle (2011). Anchor |
---|
Tutorials 08 | Tutorials 08 | [Tutorials 2008] The Java Tutorials. Oracle (2008). Anchor |
---|
Unicode 09 | Unicode 09 | [Unicode 2009] The Unicode Consortium. The Unicode Standard, Version 5.2.0, defined by The Unicode Standard, Version 5.2. Mountain View, CA: The Unicode Consortium (2009). Anchor |
---|
Unicode 13 | Unicode 13 | [Unicode 2013] The Unicode Consortium. The Unicode Standard, Version 6.2.0, defined by Unicode 6.2.0. Mountain View, CA: The Unicode Consortium (2013). Anchor |
---|
Venners 97 | Venners 97 | [Venners 1997] Venners, Bill. Security and the Class Loader Architecture. Java World.com (1997). Anchor |
---|
Venners 03 | Venners 03 | [Venners 2003] Venners, Bill. Failure and Exceptions: A Conversation with James Gosling, Part II. (2003). Anchor |
---|
Viega 05 | Viega 05 | [Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software, 2005. Anchor |
---|
W3C 03 | W3C 03 | [W3C 2003] The World Wide Web Security FAQ. World Wide Web Consortium (W3C) (2003). Anchor |
---|
W3C 08 | W3C 08 | [W3C 2008] Bray, Tim, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François Yergeau. Extensible Markup Language (XML) 1.0, 5th ed. W3C Recommendation (2008). Anchor |
---|
Ware 08 | Ware 08 | [Ware 2008] Ware, Michael S. Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools (thesis). James Madison University (2008). Anchor |
---|
Weber 09 | Weber 09 | [Weber 2009] Weber, Chris. Exploiting Unicode-Enabled Software. CanSecWest (2009). Anchor |
---|
Wheeler 03 | Wheeler 03 | [Wheeler 2003] Wheeler, David A. Secure Programming for Linux and UNIX HOWTO (2003).
[White 2003] White, Tom.
Memoization in Java Using Dynamic Proxy Classes. O'Reilly onJava.com (
August 20, 2003).
[Zadegan 2009] Zadegan, Bryant.
A Lesson on Infinite Loops (2009
). Anchor |
---|
Zukowski 04 | Zukowski 04 | [Zukowski 2004] Zukowski, John. Java Developer Connection Tech Tips: Creating Custom Security Permissions (2004).