[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols,
IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6–15.
[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.
Anchor |
---|
| AndroidAPI 13 |
---|
| AndroidAPI 13 |
---|
|
[Android API 2013]
Android API.
Package Index, Android, 2013.
...
[Apache 2014]
Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.
[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.[API 2006]
Java Platform, Standard Edition 6 API Specification, Oracle, 2011.
...
[API 2013]
Java Platform, Standard Edition 7 API Specification, Oracle, 2013.
Anchor |
---|
| J2EE API 1413 |
---|
| J2EE API 1413 |
---|
|
[
J2EE API
20142013]
Java Platform, Standard Extended Edition 8 7 API Specification, Oracle,
20142013.
[API 2014] Java Platform, Standard Edition 8 API Specification, Oracle, 2014.[Arnold [Arnold 2006] Ken Arnold, James Gosling, and David Holmes.
The Java™ Programming Language, 4th ed., Addison-Wesley, Boston, 2006.
...
[Chess 2007] Brian Chess and Jacob West,
Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, 2007
.[Chen 14] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. "OAuth Demystified for Mobile Application Developers.", 2014.
[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner,
Analyzing Inter-Application Communication in Android,
Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, ACM, New York, 2011.
...
[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73–84, 2013.
[EMA
20112014]
Java SE 6 Documentation, Extension Mechanism Architecture, Oracle,
Sun Microsystems1993,
20112014.
[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security,
IEEE Security & Privacy, vol. 7, 1, p. 50–57, 2009.
Anchor |
---|
| Encodings 062014 |
---|
| Encodings 062014 |
---|
|
[Encodings
20062014]
Supported Encodings,
Sun MicrosystemsOracle,
20062014.
Anchor |
---|
| Enterprise 03 |
---|
| Enterprise 03 |
---|
|
[Enterprise 2003] The O'Reilly Java Authors,
Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.
...
[Goetz 2005a] Brian Goetz,
Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.
[Goetz 2005b] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005.[Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea,
Java Concurrency in Practice, Addison-Wesley Professional, Boston, 2006.
...
[Henney 2003] Kevlin Henney,
Null Object, Something for Nothing, 2003
.[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.
1.0.0009 of the Fortify Secure Coding Rulepacks], 2015. Anchor |
---|
| Hirondelle 13 |
---|
| Hirondelle 13 |
---|
|
[Hirondelle 2013]
Passwords Never Clear in Text, Hirondelle Systems, 2013.
[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002.
Anchor |
---|
| Hornig Hovemeyer 07Hornig |
---|
| Hovemeyer 07 |
---|
|
[
Hornig 2007] Charles Hornig, Advanced Java™ Globalization,JavaOne Conference, 2007. Anchor |
---|
Hovemeyer 07 | Hovemeyer 07 | [Hovemeyer 2007] David Hovemeyer and Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many,
Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.
...
Anchor |
---|
| IEEE 754 2006 |
---|
| IEEE 754 2006 |
---|
|
[IEEE 754 2006] IEEE,
Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006
. Anchor |
---|
| IETF OAuth1.0a |
---|
| IETF OAuth1.0a |
---|
|
[IETF OAuth1.0a] Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.
Anchor |
---|
| IETF OAuth2.0 |
---|
| IETF OAuth2.0 |
---|
|
[IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.
Anchor |
---|
Intrepidus 2012 | Intrepidus 2012 |
[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix , 2012 |
---|
| Intrepidus 2012 |
---|
| Intrepidus 2012 |
---|
|
[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix , 2012.
Anchor |
---|
| ISO/IEC 11889-1-2009 |
---|
| ISO/IEC 11889-1-2009 |
---|
|
Anchor |
---|
| ISO-IEC 11889-1-2009 |
---|
| ISO-IEC 11889-1-2009 |
---|
|
[ISO/IEC 11889-1:2009] ISO/IEC. Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.
Anchor |
---|
| ISO/IEC TR 24772-2010 |
---|
| ISO/IEC TR 24772-2010 |
---|
|
[ISO/IEC TR 24772:2010] ISO/IEC TR 24772.
Information Technology —
Programming Languages —
Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.
...
Anchor |
---|
| JavaThreads 04 |
---|
| JavaThreads 04 |
---|
|
[JavaThreads 2004] Scott Oaks and Henry Wong,
Java Threads, 3rd ed.,
O'Reilly, Sebastopol, CA, 2004O'Reilly, Sebastopol, CA, 2004. Anchor |
---|
| Java Tutorials |
---|
| Java Tutorials |
---|
|
[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.
[JCF 2014]
The Java Collections Framework, Oracle, 2014.
[JDK Bug 2015] JDK Bug System, Oracle, 2015.[JDK7 2008]
Java™PlatformJava™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.
[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha,
The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.
[JLS ...
2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The
...
Java® Language Specification, Java SE 8 Edition,
...
2015.
[JMX 2006]
Monitoring and Management for the Java Platform, Sun Microsystems, 2006.
...
[Mak 2002] Ronald Mak,
Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ
, 2002, 2002.[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.
[Manson 2004] Jeremy Manson and Brian Goetz,
JSR 133 (Java Memory Model) FAQ, 2004.
...
[McGraw 1998] Gary McGraw and Edward W. Felten,
Twelve Rles Rules for Developing More Secure Java Code, JavaWorld.com, 1998.
...
[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.
[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015.
[OWASP 2005]
A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.
...
[Pugh 2009] William Pugh,
Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009
.[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.
[Reasoning 2003]
Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.
...
[Schildt 2007
] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007.Schindler, Uwe. The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.
[Schneier 2000] Bruce Schneier,
Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.
Anchor |
---|
| Schönefeld Schönefeld 02Schönefeld |
---|
| Schönefeld 02 |
---|
|
[Sch
önefeld 2002] Marc Sch
önefeld,
Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.
Anchor |
---|
| Schönefeld Schönefeld 04Schönefeld |
---|
| Schönefeld 04 |
---|
|
[Sch
önefeld 2004] Marc Sch
önefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.
...
[Seacord 2013] Seacord, Robert C.
Secure Coding in C and C++, 2nd ed
. Addison-Wesley, Boston, 2013.[Seacord 2015] Seacord, Robert C.
Secure Coding Rules for Java. Addison-Wesley
Professional, Boston, 2013.
[SecArch 2006] Sun Microsystems,
Java 2 Platform Security Architecture, 2006.
...
Anchor |
---|
| SecuritySpec 08 |
---|
| SecuritySpec 08 |
---|
|
[SecuritySpec 2008] Sun Microsystems,
Java Security Architecture, 2008.
[Sen 2007
] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007. Anchor |
---|
| Shipilёv 2014 |
---|
| Shipilёv 2014 |
---|
|
[Shipilёv 2014] Shipilёv, Aleksey, Safe Publication and Safe Initialization in Java, December 2014.
[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai,
Core Security Patterns: Best Practices and Strategies for J2EEâ¢, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005.
...
[Tomcat 2009] Apache Software Foundation,
Changelog and
Security fixes, Tomcat documentation, 2009.
Anchor |
---|
Tutorials 08 | Tutorials 08 |
[Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008.[Unicode 2003] The Unicode Consortium,
The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.
...
[Unicode 2011] The Unicode Consortium,
The Unicode Standard,
Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011
.[Unicode 2012] The Unicode Consortium.
The Unicode Standard, Unicode 6.2.0, (Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1-936213-07-8)[Urma 2014] Raoul-Gabriel Urma,
Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional!, Oracle, March 2014.
...
[Zukowski 2004] John Zukowski,
Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.