SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 299

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Robert Schiela

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed unused ref.

Anchor
Abadi 96
Abadi 96

[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6 - 15., 6–15.

Anchor
Aho 1986
Aho 1986

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

 

Anchor
AndroidAPI 13
AndroidAPI 13

[Android API 2013] Android API. developer.android.com/reference Package Index, Android, 2013.

Anchor
AndroidGuides 13
AndroidGuides 13

[Android Guide 2013] Android API Guides, developer.android.com/guide/, Android 2013, Introduction to Android, Android, 2013.

Anchor
AndroidSecurity
AndroidSecurity

[Android Security] Security Tips, Android Training.

Anchor
Apache 14
Apache 14

[Apache 2014] Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.

Anchor
Apache 15
Apache 15

[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.

Anchor
API 06
API 06API 06

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle, 2011.

...

Anchor
API 13
API 13

[API 2013] Java Platform, Standard Edition 7 API Specification, Oracle, 20122013.

Anchor
Austin 00Austin 00
[Austin 2000] Calvin Austin and Monica Pawlan, Advanced Programming for the Java 2 Platform , Addison-Wesley Longman, Boston, 2000
J2EE API 13
J2EE API 13

[J2EE API 2013] Java Platform, Extended Edition 7 API Specification, Oracle, 2013.

Anchor
API 14
API 14Black 04Black 04

[API 2014] Java Platform, Standard Edition 8 API Specification, Oracle, 2014.

Anchor
Arnold 06
Arnold 06

[Arnold 2006] Ken Arnold, James Gosling, and David Holmes. The Java Programming Language, 4th ed., Addison-Wesley, Boston, 2006.

Anchor
Austin 00
Austin 00

[Austin 2000] Calvin Austin and Monica Pawlan, Advanced Programming for the Java 2 Platform, Addison-Wesley Longman, Boston, 2000.

Anchor
Black 04
Black 04

[Black 2004] Paul E. Black and Paul J. Tanenbaum, partial Black 2004] Paul E. Black and Paul J. Tanenbaum, partial order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology, December 17, 2004.
Available at http://xlinux.nist.gov/dads/HTML/partialorder.html. AnchorBlack 06Black 06 [Black 2006] Paul E. Black and Paul J. Tanenbaum, total order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.
Available at http://xlinux.nist.gov/dads/HTML/totalorder.html, December 17, 2004.

Anchor
Black 06
Black 06Bloch 01Bloch 01

[Black 2006] Paul E. Black and Paul J. Tanenbaum, total order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.

Anchor
Bloch 01
Bloch 01

[Bloch 2001] Joshua Bloch, Effective JavaBloch 2001] Joshua Bloch, Effective Java: Programming Language Guide, Addison-Wesley Professional, Boston, 2001.

...

Anchor
Bloch 08
Bloch 08

[Bloch 2008] Joshua Bloch, Effective JavaJava™: Programming Language Guide, 2nd ed., Addison-Wesley Professional, Boston, 2008.

...

Anchor
CCITT 88
CCITT 88

[CCITT 1988] International Telegraph and Telephone Consultative Committee (CCITT). CCITT Blue Book, Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework, International Telecommunication Union, Geneva, 1988.

Anchor
Chan 99
Chan 99

[Chan 1999] Patrick Chan, Rosanna Lee, and Douglas Kramer, The Java Class Libraries: Supplement for the Java 2 Platform, v1Volume 1.2, 2nd ed., Volume 1, Prentice Hall, Upper Saddle River, NJ, 1999.

Anchor
Chess 07
Chess 07

[Chess 2007] Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, MA, 2007.

Anchor
Chen 14
Chen 14Chin 11Chin 11

[Chen 14] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. "OAuth Demystified for Mobile Application Developers.", 2014.

Anchor
Chin 11
Chin 11

[Chin 2011] Erika Chin, Adrienne Porter Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, Analyzing Inter-Application Communication in Android, Proc. MobiSys '11: Proceedings of the 9th international conference International Conference on Mobile systemsSystems, applicationsApplications, and servicesServices, pp. 239-252239–252, ACM, New York, NY, 2011.

Anchor
Christudas 05
Christudas 05

[Christudas 2005] Internals of Java Class Loading, ONJava, 2005.

...

Anchor
Conventions 09
Conventions 09

[Conventions 2009] Code Conventions for the Java Programming Language, Sun Microsystems, 2009. AnchorCVE 11CVE 11 [CVE 2011] Common Vulnerabilities and Exposures, MITRE Corporation, 2011. Available at http://cve.mitre.org.

Anchor
Coomes 07
Coomes 07

[Coomes 2007] John Coomes, Peter Kessler, and Tony Printezis, Garbage Collection-Friendly Programming, Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference, 2007.

Anchor
Core Java 04
Core Java 04

[Core Java 2004] Cay S. Horstmann and Gary Cornell, Core Java™ 2, Volume I, Fundamentals, 7th ed., Prentice Hall PTR, Boston, 2004.

Anchor
Coverity 07
Coverity 07

[Coverity 2007] Coverity Prevent User's Manual (3.3.0). Coverity, 2007.

Anchor
Cunningham 95
Cunningham 95

[Cunningham 1995] Ward Cunningham, The CHECKS Pattern Language of Information Integrity, in Pattern Languages of Program Design, James O. Coplien and Douglas C. Schmidt (eds.), Addison-Wesley Professional, Reading, MA, 1995.

Anchor
CVE 11
CVE 11

[CVE 2011] Common Vulnerabilities and Exposures, MITRE Corporation, 2011.

Anchor
Daconta 00
Daconta 00

[Daconta 2000] Michael C. Daconta, When Runtime.exec() Won't, JavaWorld.com, 2000.

Anchor
Daconta 03
Daconta 03

[Daconta 2003] Michael C. Daconta, Kevin T. Smith, Donald Avondolio, and W. Clay Richardson, More Java Pitfalls, Wiley Publishing, New York, 2003.

Anchor
Darwin 04
Darwin 04

[Darwin 2004] Ian F. Darwin, Java Cookbook, O'Reilly, Sebastopol, CA, 2004.

...

Anchor
Dennis 1966
Dennis 1966

[Dennis 1966] Jack B. Dennis and Earl C. Van Horn, Programming Semantics for Multiprogrammed Computations, Communications of the ACM, Volume 9, Issue 3, March 1966, pp. 143-155143–155, DOI=10.1145/365230.365252.

...

Anchor
Eclipse 08
Eclipse 08

[Eclipse 2008] The Eclipse Platform, 2008. 

Anchor
Egele 2013
Egele 2013

[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73-8473–84, 2013.

Anchor
EMA 2011
EMA 2011
Anchor
EMA 14
EMA 14

[EMA 20112014] Java SE 6 Documentation, Extension Mechanism Architecture, Oracle, Sun Microsystems1993, 20112014. 

Anchor
Enck 09
Enck 09

[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security, IEEE Security & Privacy, vol. 7, 1, p. 50-5750–57, 2009.

Anchor
Encodings 062014
Encodings 062014

[Encodings 20062014] Supported Encodings, Sun MicrosystemsOracle, 20062014. 

Anchor
Enterprise 03
Enterprise 03

[Enterprise 2003] The O'Reilly Java Authors, Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.

Anchor
ESA 05
ESA 05

[ESA 2005] Java Coding Standards, prepared by European Space Agency (ESA) Board for Software Standardisation and Control (BSSC), 2005. 

Anchor
Fahl 2012
Fahl 2012

[Fahl 2012]  Fahl, Sascha, et al. "Why Eve and Mallory love Android: An analysis of Android SSL (in) security." Proceedings of the 2012 ACM conference Conference on Computer and communications securityCommunications Security. ACM, 2012.

Anchor
Fairbanks 07
Fairbanks 07

[Fairbanks 2007] Design Fragments, Defense Technical Information Center, Ft. Belvoir, VA, 2007.

...

Anchor
Fisher 03
Fisher 03

[Fisher 2003] Maydene Fisher, Jon Ellis, and Jonathan Bruce, JDBC API Tutorial and Reference, 3rd ed., Addison-Wesley, Boston, MA, 2003.

Anchor
Flanagan 05
Flanagan 05

[Flanagan 2005] David Flanagan, Java in a Nutshell, 5th ed., O'Reilly, Sebastopol, CA, 2005.

...

Anchor
Fortify 08
Fortify 08
Anchor
Fortify 14
Fortify 14

[Fortify 20082014] A Taxonomy of Coding Errors that That Affect Security, Java/JSP, Fortify Software, 20082014.

Anchor
Fox 01
Fox 01

[Fox 2001] Joshua Fox, When Is a Singleton Not a Singleton?, Sun Developer Network, 2001.

...

Anchor
Gamma 95
Gamma 95

[Gamma 1995] Erich Gamma, Richard Helm, Ralph Johnson, and John M. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley Professional, Boston, MA, 1995.

Anchor
Garfinkel 96
Garfinkel 96

[Garfinkel 1996] Simson Garfinkel and Gene Spafford, Practical UNIX & Internet Security, 2nd ed., O'Reilly, Sebastopol, CA, 1996.

Anchor
Garms 01
Garms 01

[Garms 2001] Jess Garms and Daniel Somerfield, Professional Java Security, Wrox Press, Chicago, 2001.

Anchor
GNU 13
GNU 13

[GNU 2013] GNU Coding Standards, Section 5.3, "Clean Use of C Constructs," Richard Stallman and other GNU Project volunteers, 2013

Anchor
Goetz 02
Goetz 02

[Goetz 2002] Brian Goetz, Java Theory and Practice: Don't Let the "this" Reference Escape during Construction, IBM developerWorks (Java technology), 2002.

...

Anchor
Goetz 05
Goetz 05

[Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.

Anchor
Goetz 05b06
Goetz 05b06

[Goetz 2005b2006a] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005. AnchorGoetz 06Goetz 06 [Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and , Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, MA, 2006.

Anchor
Goetz 06b
Goetz 06b

[Goetz 2006b] Brian Goetz, Java Theory and Practice: Good Housekeeping Practices, IBM developerWorks (Java technology), 2006.

...

Anchor
Gong 03
Gong 03

[Gong 2003] Li Gong, Gary Ellison, and Mary Dageforde, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Prentice Hall, Boston, MA, 2003.

Anchor
Goodliffe 07
Goodliffe 07

[Goodliffe 2014] Pete Goodliffe, Code Craft: The Practice of Writing Excellent Code, No Starch Press, San Francisco, 2007

Anchor
Grand 02
Grand 02

[Grand 2002] Mark Grand, Patterns in Java, Volume 1, 2nd ed., Wiley, New York, 2002.

Anchor
Gray 1985
Gray 1985Greanier 00Greanier 00

[Gray 1985] Jim Gray,  Tandem TR 85.7 WHY DO COMPUTERS STOP AND WHAT CAN BE DONE ABOUT IT?, 1985.

Anchor
Greanier 00
Greanier 00

[Greanier 2000] Todd Greanier 2000] Todd Greanier, Discover the Secrets of the Java Serialization API, Sun Developer Network (SDN), 2000.

...

Anchor
Grosso 01
Grosso 01

[Grosso 2001] William Grosso, Java RMI, O'Reilly, Sebastopol, CA, 2001.

Anchor
Grubb 03
Grubb 03Gupta 05Gupta 05

[Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, Java Memory Leaks - Catch Me If You Can, 2005Grubb 2003] Penny Grubb and Armstrong A. Takang, Software Maintenance: Concepts and Practice, 2nd ed., World Scientific, River Edge, NJ, 2003.

Anchor
Haack 06Haack 06
Guillardoy 12
Guillardoy 12

[Guillardoy 2012] Esteban Guillardoy, Java 0Day Analysis (CVE-2012-4681), 2012.

Anchor
Gupta 05
Gupta 05

[Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, Java Memory Leaks - Catch Me If You Can, 2005.

Anchor
Haack 06
Haack 06

[ [Haack 2006] Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert, Immutable Objects in Java, 2006.

Anchor
Haggar 00
Haggar 00

[Haggar 2000] Peter Haggar, Practical Java™ Programming Language Guide, Addison-Wesley Professional, Boston, MA, 2000.

Anchor
Halloway 00
Halloway 00

[Halloway 2000] Stuart Halloway, Java Developer Connection Tech Tips, March 28, 2000.

...

Anchor
Harold 06
Harold 06

[Harold 2006] Elliotte Rusty Harold, Java I/O, 2nd ed., O'Reilly, Sebastopol, CA, 2006.

Anchor
Hatton 1995
Hatton 1995Hawtin 08Hawtin 08

[Hatton 1995] Les Hatton, Safer C: Developing Software for High-Integrity and Safety-Critical Systems, McGraw-Hill, New York, 1995.

Anchor
Hawtin 08
Hawtin 08

[Hawtin 2008] Thomas Hawtin, Secure Coding Antipatterns: Preventing Attacks and Avoiding VulnerabilitiesHawtin 2008] Thomas Hawtin, Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities, Sun Microsystems, Make it Fly 2008, London. 2008, 2008.

Anchor
Havelund 09
Havelund 09

[Havelund 2009] Klaus Havelund and Al Niessner, JPL Coding Standard, version 1.1, California Institute of Technology, 2009.

Anchor
Heffley 2004
Heffley 2004

[Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security? Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS–04), Track 9, Volume 9, IEEE Computer Society, January 2004.

Anchor
Henney 03
Henney 03

[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.

Anchor
Hitchens 02Hitchens 02
[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002.
HP 15
HP 15

[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.

Anchor
Hirondelle 13
Hirondelle 13

[Hirondelle 2013] Passwords Never Clear in Text, Hirondelle Systems, 2013.

Anchor
Hitchens 02
Hitchens 02

[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002 AnchorHornig 07Hornig 07 [Hornig 2007] Charles Hornig, Advanced Java™ Globalization,JavaOne Conference, 2007.

Anchor
Hovemeyer 07
Hovemeyer 07

[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.

Anchor
Howard 02
Howard 02

[Howard 2002] Michael Howard and David C. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, Redmond, WA, 2002.

Anchor
Hunt 98Hunt 98
Hughes 11
Hughes 11

[Hughes 2011] Elliott Hughes, JNI Local Reference Changes in ICS, November 2011.

Anchor
Hunt 98
Hunt 98

[Hunt [Hunt 1998] J. Hunt and F. Long, Java's Reliability: An Analysis of Software Defects in Java, Software IEEE Proceedings, 1998.

...

Anchor
IEEE 754 2006
IEEE 754 2006

[IEEE 754 2006] IEEE, Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 20061985), 2006.

Anchor
IETF OAuth1.0a
IETF OAuth1.0a

 [IETF OAuth1.0a] Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

Anchor
IETF OAuth2.0
IETF OAuth2.0

 [IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

Anchor
Intrepidus 2012
Intrepidus 2012

[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix , 2012.

Anchor
ISO/IEC 11889-1-2009
ISO/IEC 11889-1-2009
Anchor
ISO-IEC 11889-1-2009
ISO-IEC 11889-1-2009

[ISO/IEC 11889-1:2009] ISO/IEC. Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.

Anchor
ISO/IEC TR 24772-2010
ISO/IEC TR 24772-2010

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.

Anchor
ISO/IEC TR 24772-2013
ISO/IEC TR 24772-2013

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use.   Geneva, Switzerland: International Organization for Standardization, March 2013.

...

Anchor
JavaThreads 04
JavaThreads 04

[JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004'Reilly, Sebastopol, CA, 2004.

Anchor
Tutorials 08
Tutorials 08
Anchor
Java Tutorials
Java Tutorials
Anchor
Tutorials 15
Tutorials 15

[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.

Anchor
JCF 14
JCF 14

[JCF 2014] The Java Collections Framework, Oracle, 2014.

Anchor
JDK Bug 15
JDK Bug 15

[JDK Bug 2015] JDK Bug System, Oracle, 2015.

Anchor
JDK7 08
JDK7 08

[JDK7 2008] Java™PlatformJava™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.

Anchor
JLS 05
JLS 05

[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.

Anchor
JLS 14
JLS 14
Anchor
JLS 15
JLS 15
Anchor
JLS 2015
JLS 2015

[JLS 2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The Java® Language Specification, Java SE 8 Edition,   2015.

Anchor
JMX 06
JMX 06

[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006.

Anchor
JMXG 06
JMXG 06

[JMXG 2006] Java SE Monitoring and Management Guide, Sun Microsystems, 2006.

Anchor
JNI 06
JNI 06

[JNI 2006] Java Native Interface, Sun Microsystems, 2006.

Anchor
JNISpec 14
JNISpec 14JNI 06JNI 06

[JNI 2006JNISpec 2014] Java Native Interface , Sun Microsystems, 2006Specification, Oracle, 2014.

Anchor
JNItips
JNItips

[JNI Tips] Java Tips, Android Training.

Anchor
Jovanovic 06
Jovanovic 06

[Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda, Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp. 258–263, May 21–24, 2006.

...

Anchor
JPL 06
JPL 06

[JPL 2006] Ken Arnold, James Gosling, and David Holmes, The Java™ Programming Language, 4th ed., Addison-Wesley Professional, Boston, MA, 2006.

Anchor
JSR-133 04
JSR-133 04

[JSR-133 2004] JSR-133: Java™ Memory Model and Thread Specification, 2004.

...

Anchor
Kalinovsky 04
Kalinovsky 04

[Kalinovsky 2004] Alex Kalinovsky, Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, SAMS Publishing, Boston, 2004. 

Anchor
Klieber 2014
Klieber 2014

...

Anchor
Knoernschild 01
Knoernschild 01

[Knoernschild 2001] Kirk Knoernschild, Java™ Design: Objects, UML, and Process, Addison-Wesley Professional, Boston, MA, 2001.

Anchor
Lai 08
Lai 08

...

Anchor
Laplante 05
Laplante 05

[Laplante 2005] Phillip A. Laplante, Colin J. Neill, Antipatterns: Identification, Refactoring, and Management, Auerbach Publications, Boca Raton, FL, 2005.

Anchor
Lea 00
Lea 00

[Lea 2000a] Doug Lea, Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, MA, 2000.

Anchor
Lea 00b
Lea 00b

[Lea 2000b] Doug Lea and William Pugh, Correct and Efficient Synchronization of Java™ Technology based Threads, JavaOne Conference, 2000.

...

Anchor
Mak 02
Mak 02

[Mak 2002] Ronald Mak, Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ, 2002.

Anchor
Manson 08
Manson 08

[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.

Anchor
Manson 04
Manson 04

[Manson 2004] Jeremy Manson and Brian Goetz, JSR 133 (Java Memory Model) FAQ, 2004.

...

Anchor
Mcgraw 98
Mcgraw 98

[McGraw 1998] Gary McGraw and Edward W. Felten, Twelve Rles Rules for Developing More Secure Java Code, JavaWorld.com, 1998.

...

Anchor
MITRE 2011
MITRE 2011

[MITRE 2011] MITRE Corporation, Common Weakness Enumeration, 2011. Available at http://cwe.mitre.org/.

Anchor
Mocha 07
Mocha 07

[Mocha 2007] Mocha, the Java Decompiler, 2007.

...

Anchor
Neward 04
Neward 04

[Neward 2004] Ted Neward, Effective Enterprise Java, Addison-Wesley Professional, Boston, MA, 2004.

Anchor
Nisewanger 07
Nisewanger 07

[Nisewanger 2007] Jeff Nisewanger, Avoiding Antipatterns, JavaOne Conference, 2007.

...

Anchor
Oracle 11c
Oracle 11c

[Oracle 2011c] Package javax.servelt.http, Oracle Corporation, Oracle  2011.

Anchor
Oracle 11d
Oracle 11d

[Oracle 2011d] Permissions in the Java™ SE 6 Development Kit (JDK), Oracle, 2011.

...

Anchor
Oracle 13d
Oracle 13d

[Oracle 2013d] Oracle Security Alert for CVE-2013-0422, Oracle, 2013.

Anchor
Oracle 14
Oracle 14

[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.

Anchor
Oracle 15
Oracle 15

[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015.

Anchor
OWASP 05
OWASP 05

[OWASP 2005] A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.

...

Anchor
Philion 03
Philion 03

[Philion 2003] Paul Philion, Beware the dangers Dangers of generic Generic Exceptions, JavaWorld.com, 2003.

...

Anchor
Pistoia 04
Pistoia 04

[Pistoia 2004] Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin, Enterprise Java Security: Building Secure J2EE Applications, Addison-Wesley Professional, Boston, MA, 2004.

Anchor
Policy 02
Policy 02

[Policy 2002] Sun Microsystems, Default Policy Implementation and Policy File Syntax, Document revision 1.6, 2002.

...

Anchor
Pugh 09
Pugh 09

[Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009Conference, 2009.

Anchor
Rapid7 14
Rapid7 14

[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.

Anchor
Reasoning 03
Reasoning 03

[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.

...

Anchor
Saltzer 74
Saltzer 74

[Saltzer 1974] J. H. Saltzer, Protection and the Control of Information Sharing in Multics. Communications of the ACM 17, 7 (July 1974): 388---402388–402.

Anchor
Saltzer 75
Saltzer 75

[Saltzer 1975] J. H. Saltzer and M. D. Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, Volume 63, Issue 9, 1975, 1278-13081278–1308.
Available at http://web.mit.edu/Saltzer/www/publications/protection/.

...

Anchor
Schildt 07
Schildt 07

[Schildt 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007.

Anchor
Schindler 12
Schindler 12

Schindler, Uwe. The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.

Anchor
Schneier 00
Schneier 00

[Schneier 2000] Bruce Schneier, Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.

Anchor
Schönefeld Schönefeld 02Schönefeld
Schönefeld 02

[Schönefeld 2002] Marc Schönefeld, Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.

Anchor
Schönefeld Schönefeld 04Schönefeld
Schönefeld 04

[Schönefeld 2004] Marc Schönefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.

...

Anchor
SDN 08
SDN 08

[SDN 2008] Sun Microsystems, SUN Developer Network, 1994-20081994–2008.

Anchor
Seacord 05
Seacord 05

[Seacord 2005] Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley Professional, Boston, MA, 2005.

Anchor
Seacord 08
Seacord 08

[Seacord 2008] Robert C. Seacord,The CERT C Secure Coding Standard, Addison-Wesley Professional, Boston, MA, 2008.

Anchor
Seacord 10
Seacord 10

[Seacord 2010] Robert C. Seacord, William Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch, Source Code Analysis Laboratory (SCALe) for energy delivery systems, CMU/SEI-2010-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, December 2010.

Anchor
Seacord 13
Seacord 13

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Boston: Addison-WesleyC++, 2nd ed. Addison-Wesley, Boston, 2013.

Anchor
Seacord2015
Seacord2015

[Seacord 2015] Seacord, Robert C. Secure Coding Rules for Java. Addison-Wesley Professional, Boston, 2013.

Anchor
SecArch 06
SecArch 06

[SecArch 2006] Sun Microsystems, Java 2 Platform Security Architecture, 2006.

...

Anchor
Security 06
Security 06

[Security 2006] Java Security Guides, Sun Microsystems, Inc2006. (2006)

Anchor
SecuritySpec 08
SecuritySpec 08

[SecuritySpec 2008] Sun Microsystems, Java Security Architecture, 2008.

Anchor
Sen 07
Sen 07

 [Sen 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007.

Anchor
Shipilёv 2014
Shipilёv 2014

[Shipilёv 2014] Shipilёv, Aleksey, Safe Publication and Safe Initialization in Java, December 2014.

Anchor
Steel 05
Steel 05

[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005.

Anchor
Steele 1977
Steele 1977

[Steele 1977] G.L. Steele, Arithmetic Shifting Considered Harmful, ACM SIGPLAN Notices, Volume 12, Issue 11 (1977), 61-6961–69.

Anchor
Steinberg 05
Steinberg 05

[Steinberg 2005] Daniel H. Steinberg, Java Developer Connection Tech Tips Using the Varargs Language Feature, January 4, 2005.

...

Anchor
Sun 02
Sun 02

[Sun 2002] Reflection, Sun Microsystems, 2002).

Anchor
Sun 03
Sun 03

[Sun 2003] Sun Microsystems, Sun ONE Application Server 7 Performance Tuning Guide, 2003.

...

Anchor
Techtalk 07
Techtalk 07

[Techtalk 2007] Josh Bloch and William Pugh, The PhantomReference Menace. Attack of the Clone. Revenge of the Shift., JavaOne Conference, 2007.

Anchor
Tomcat 09
Tomcat 09

[Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009.fixes, Tomcat documentation, 2009.

Anchor
Unicode 2003
Unicode 2003

[Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003 AnchorTutorials 08Tutorials 08 [Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008.

Anchor
Unicode 20032007
Unicode 20032007

[Unicode 20032007] The Unicode Consortium, The Unicode Standard, Version 45.01.0, defined by The Unicode Standard, Version 45.0, Addison-Wesley, Reading, MA, 2003, 2007, as amended by Unicode 5.1.0.

Anchor
Unicode 2011
Unicode 2011

[Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011.

Anchor
Unicode 20072012
Unicode 20072012

[Unicode 20072012] The Unicode Consortium, . The Unicode Standard, Version 5Unicode 6.12.0, defined by , (Mountain View, CA: The Unicode StandardConsortium, Version 5.0, Addison-Wesley, Reading, MA, 2007, as amended by Unicode 5.1.0. AnchorUnicode 2011Unicode 2011 [Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011.2012. ISBN 978-1-936213-07-8)

Anchor
Urma 14
Urma 14

[Urma 2014] Raoul-Gabriel Urma, Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional!, Oracle, March 2014.

Anchor
Venners 97
Venners 97

[Venners 1997] Bill Venners, Security and the Class Loader Architecture, Java World.com, 1997.

Anchor
Venners 03
Venners 03

[Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.

Anchor
Verify
Verify

[Verify] Verifying App Behavior on the Android Runtime (ART), Android.

Anchor
Vermeulen 00
Vermeulen 00

[Vermeulen 2000] Allan Vermeulen, Scott W. Ambler, Greg Bumgardner, Eldon Metz, Trevor Misfeldt, Jim Shur, and Patrick Thompson. The Elements of Java Style. Cambridge University Press, New York, 2000.

Anchor
viaForensics 14
viaForensics 14

[viaForensics 2014] Secure mobile development best practices, viaForensics LLC., 2014 AnchorVenners 97Venners 97 [Venners 1997] Bill Venners, Security and the Class Loader Architecture, Java World.com, 1997. AnchorVenners 03Venners 03 [Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.

Anchor
W3C 08
W3C 08

[W3C 2008] Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François François Yergeau, Extensible Markup Language (XML) 1.0, 5th ed., W3C Recommendation, 2008.

...

Anchor
Zukowski 04
Zukowski 04

[Zukowski 2004] John Zukowski, Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.