SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 311

changes.mady.by.user Fred Long

Saved on

compared with

New Version Current

changes.mady.by.user Robert Schiela

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed unused ref.

Anchor
Abadi 96
Abadi 96

[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6–15.

Anchor
Aho 1986
Aho 1986

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

 

Anchor
AndroidAPI 13
AndroidAPI 13

[Android API 2013] Android API. Package Index, Android, 2013.

...

Anchor
Apache 14
Apache 14

[Apache 2014] Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.

Anchor
Apache 15
Apache 15

[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.

Anchor
API 06
API 06

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle, 2011.

...

Anchor
API 13
API 13

[API 2013] Java Platform, Standard Edition 7 API Specification, Oracle, 2013.

Anchor
J2EE API 1413
J2EE API 1413

[J2EE API 20142013] Java Platform, Standard Extended Edition 8 7 API Specification, Oracle, 20142013.

Anchor
Arnold 06Arnold 06
API 14
API 14

[API 2014] Java Platform, Standard Edition 8 API Specification, Oracle, 2014.

Anchor
Arnold 06
Arnold 06

[ [Arnold 2006] Ken Arnold, James Gosling, and David Holmes. The Java Programming Language, 4th ed., Addison-Wesley, Boston, 2006.

...

Anchor
Chess 07
Chess 07

[Chess 2007] Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, 2007.

Anchor
Chen 14
Chen 14

[Chen 14] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. "OAuth Demystified for Mobile Application Developers.", 2014.

Anchor
Chin 11
Chin 11

[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, Analyzing Inter-Application Communication in Android, Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, ACM, New York, 2011.

...

Anchor
Egele 2013
Egele 2013

[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73–84, 2013.

Anchor
EMA 2011
EMA 2011
Anchor
EMA 14
EMA 14

[EMA 20112014] Java SE 6 Documentation, Extension Mechanism Architecture, Oracle, Sun Microsystems1993, 20112014.

Anchor
Enck 09
Enck 09

[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security, IEEE Security & Privacy, vol. 7, 1, p. 50–57, 2009.

Anchor
Encodings 062014
Encodings 062014

[Encodings 20062014] Supported Encodings, Sun MicrosystemsOracle, 20062014.

Anchor
Enterprise 03
Enterprise 03

[Enterprise 2003] The O'Reilly Java Authors, Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.

...

Anchor
Goetz 05
Goetz 05

[Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.

Goetz 05b
Anchor
Goetz 05b
[Goetz 2005b] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005.
Anchor
Goetz 06
Goetz 06

[Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, 2006.

...

Anchor
Grand 02
Grand 02

[Grand 2002] Mark Grand, Patterns in Java, Volume 1, 2nd ed., Wiley, New York, 2002.

Anchor
Gray 1985
Gray 1985

[Gray 1985] Jim Gray,  Tandem TR 85.7 WHY DO COMPUTERS STOP AND WHAT CAN BE DONE ABOUT IT?, 1985.

Anchor
Greanier 00
Greanier 00

[Greanier 2000] Todd Greanier, Discover the Secrets of the Java Serialization API, Sun Developer Network (SDN), 2000.

...

Anchor
Henney 03
Henney 03

[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.

Anchor
Hirondelle 13Hirondelle 13
HP 15
HP 15

[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.

Anchor
Hirondelle 13
Hirondelle 13

[Hirondelle 2013] Passwords Never Clear in [Hirondelle 2013] Passwords Never Clear in Text, Hirondelle Systems, 2013.

Anchor
Hitchens 02
Hitchens 02

[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002.

Anchor
Hornig 07Hornig 07
[Hornig 2007] Charles Hornig, Advanced Java™ Globalization,JavaOne Conference, 2007.
Anchor
Hovemeyer 07
Hovemeyer 07

[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.

...

Anchor
IEEE 754 2006
IEEE 754 2006

[IEEE 754 2006] IEEE, Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006. 

Anchor
Intrepidus 2012Intrepidus 2012
[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix , 2012
IETF OAuth1.0a
IETF OAuth1.0a

 [IETF OAuth1.0a] Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

Anchor
IETF OAuth2.0
IETF OAuth2.0

 [IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

Anchor
Intrepidus 2012
Intrepidus 2012

[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix , 2012.

Anchor
ISO/IEC 11889-1-2009
ISO/IEC 11889-1-2009
Anchor
ISO-IEC 11889-1-2009
ISO-IEC 11889-1-2009

[ISO/IEC 11889-1:2009] ISO/IEC. Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.

Anchor
ISO/IEC TR 24772-2010
ISO/IEC TR 24772-2010

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.

Anchor
ISO/IEC TR 24772-2013
ISO/IEC TR 24772-2013

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use.   Geneva, Switzerland: International Organization for Standardization, March 2013.

...

Anchor
JavaThreads 04
JavaThreads 04

[JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004.

Anchor
Tutorials 08
Tutorials 08
Anchor
Java Tutorials
Java Tutorials
Anchor
Tutorials 15
Tutorials 15

[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.

Anchor
JCF 14
JCF 14

[JCF 2014] The Java Collections FrameworkFramework, Oracle, 2014.

Anchor
JDK Bug 15
JDK Bug 15

[JDK Bug 2015] JDK Bug System, Oracle, 20142015.

Anchor
JDK7 08
JDK7 08

[JDK7 2008] Java™PlatformJava™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.

Anchor
JLS 05
JLS 05

[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.

Anchor
JLS 14
JLS 14
Anchor
JLS 15
JLS 15
Anchor
JLS 2015
JLS 2015

[JLS 2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The Java® Language Specification, Java SE 8 Edition,   2015.

Anchor
JMX 06
JMX 06

[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006.

...

Anchor
Mak 02
Mak 02

[Mak 2002] Ronald Mak, Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ, 2002, NJ, 2002.

Anchor
Manson 08
Manson 08

[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.

Anchor
Manson 04
Manson 04

[Manson 2004] Jeremy Manson and Brian Goetz, JSR 133 (Java Memory Model) FAQ, 2004.

...

Anchor
Mcgraw 98
Mcgraw 98

[McGraw 1998] Gary McGraw and Edward W. Felten, Twelve Rles Rules for Developing More Secure Java Code, JavaWorld.com, 1998.

...

[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.

Anchor
Oracle 15
Oracle 15

[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015.

Anchor
OWASP 05
OWASP 05

[OWASP 2005] A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.

...

Anchor
Pugh 09
Pugh 09

[Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009.

Anchor
Rapid7 14
Rapid7 14

[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.

Anchor
Reasoning 03
Reasoning 03

[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.

...

Anchor
Schildt 07
Schildt 07

[Schildt 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007, New York, 2007.

Anchor
Schindler 12
Schindler 12

Schindler, Uwe. The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.

Anchor
Schneier 00
Schneier 00

[Schneier 2000] Bruce Schneier, Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.

Anchor
Schönefeld Schönefeld 02Schönefeld
Schönefeld 02

[Schönefeld 2002] Marc Schönefeld, Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.

Anchor
Schönefeld Schönefeld 04Schönefeld
Schönefeld 04

[Schönefeld 2004] Marc Schönefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.

...

Anchor
Seacord 13
Seacord 13

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Addison-Wesley, Boston, 2013.

Anchor
Seacord2015
Seacord2015

[Seacord 2015] Seacord, Robert C. Secure Coding Rules for Java. Addison-Wesley Professional, Boston, 2013.

Anchor
SecArch 06
SecArch 06

[SecArch 2006] Sun Microsystems, Java 2 Platform Security Architecture, 2006.

...

Anchor
SecuritySpec 08
SecuritySpec 08

[SecuritySpec 2008] Sun Microsystems, Java Security Architecture, 2008.

Anchor
Sen 07
Sen 07

 [Sen 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007.

Anchor
Shipilёv 2014
Shipilёv 2014

[Shipilёv 2014] Shipilёv, Aleksey, Safe Publication and Safe Initialization in Java, December 2014.

Anchor
Steel 05
Steel 05

[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005.

...

Anchor
Tomcat 09
Tomcat 09

[Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009. AnchorTutorials 08Tutorials 08 [Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008, 2009.

Anchor
Unicode 2003
Unicode 2003

[Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.

...

Anchor
Unicode 2011
Unicode 2011

[Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011.

Anchor
Unicode 2012
Unicode 2012

[Unicode 2012] The Unicode Consortium. The Unicode Standard, Unicode 6.2.0, (Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1-936213-07-8)

Anchor
Urma 14
Urma 14

[Urma 2014] Raoul-Gabriel Urma, Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional!, Oracle, March 2014.

Anchor
Venners 97
Venners 97

[Venners 1997] Bill Venners, Security and the Class Loader Architecture, Java World.com, 1997.

Anchor
Venners 03
Venners 03

[Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.

...

Anchor
Zukowski 04
Zukowski 04

[Zukowski 2004] John Zukowski, Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.