[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols,
IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6–15.
[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.
| Anchor |
|---|
| AndroidAPI 13 |
|---|
| AndroidAPI 13 |
|---|
|
[Android API 2013]
Android API.
Package Index, Android, 2013.
...
[Apache 2014]
Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.
[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.[API 2006]
Java Platform, Standard Edition 6 API Specification, Oracle, 2011.
...
[API 2013]
Java Platform, Standard Edition 7 API Specification, Oracle, 2013.
[J2EE API 2013] Java Platform, Extended Edition 7 API Specification, Oracle, 2013.[API 2014]
Java Platform, Standard Edition 8 API Specification, Oracle, 2014.
...
[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner,
Analyzing Inter-Application Communication in Android,
Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, ACM, New York, 2011.
...
[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73–84, 2013.
[EMA
20112014]
Java SE 6 Documentation, Extension Mechanism Architecture, Oracle,
Sun Microsystems1993,
20112014.
[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security,
IEEE Security & Privacy, vol. 7, 1, p. 50–57, 2009.
| Anchor |
|---|
| Encodings 062014 |
|---|
| Encodings 062014 |
|---|
|
[Encodings
20062014]
Supported Encodings,
Sun MicrosystemsOracle,
20062014.
| Anchor |
|---|
| Enterprise 03 |
|---|
| Enterprise 03 |
|---|
|
[Enterprise 2003] The O'Reilly Java Authors,
Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.
...
[Goetz 2005a] Brian Goetz,
Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.| Anchor |
|---|
Goetz 05b | Goetz 05b | [Goetz 2005b] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005.
...
[Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?
Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS–04), Track 9, Volume 9, IEEE Computer Society, January 2004.
[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.
| Anchor |
|---|
| Hirondelle 13 |
|---|
| Hirondelle 13 |
|---|
|
[Hirondelle 2013]
Passwords Never Clear in Text, Hirondelle Systems, 2013.
[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002
.| Anchor |
|---|
Hornig 07 | Hornig 07 | [Hornig 2007] Charles Hornig, Advanced Java™ Globalization,JavaOne Conference, 2007.
[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many,
Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.
...
| Anchor |
|---|
| JavaThreads 04 |
|---|
| JavaThreads 04 |
|---|
|
[JavaThreads 2004] Scott Oaks and Henry Wong,
Java Threads, 3rd ed.,
O'Reilly, Sebastopol, CA, 2004O'Reilly, Sebastopol, CA, 2004.| Anchor |
|---|
| Java Tutorials |
|---|
| Java Tutorials |
|---|
|
[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.
[JCF 2014]
The Java Collections Framework, Oracle, 2014.
[JDK Bug 2015] JDK Bug System, Oracle, 2015.[JDK7 2008]
Java™PlatformJava™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.
[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha,
The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.
[JLS ...
2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The
...
Java® Language Specification, Java SE 8 Edition,
...
2015.
[JMX 2006]
Monitoring and Management for the Java Platform, Sun Microsystems, 2006.
...
[Mak 2002] Ronald Mak,
Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River
, NJ, 2002, NJ, 2002.[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.
[Manson 2004] Jeremy Manson and Brian Goetz,
JSR 133 (Java Memory Model) FAQ, 2004.
...
[McGraw 1998] Gary McGraw and Edward W. Felten,
Twelve Rles Rules for Developing More Secure Java Code, JavaWorld.com, 1998.
...
[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.
[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015.
[OWASP 2005]
A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.
...
[Pugh 2009] William Pugh,
Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009
.[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.
[Reasoning 2003]
Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.
...
[Schildt 2007] Herb Schildt,
Herb Schildt's Java Programming Cookbook, McGraw-Hill
, New York, 2007, New York, 2007.Schindler, Uwe. The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.
[Schneier 2000] Bruce Schneier,
Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.
| Anchor |
|---|
| Schönefeld Schönefeld 02Schönefeld |
|---|
| Schönefeld 02 |
|---|
|
[Sch
önefeld 2002] Marc Sch
önefeld,
Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.
| Anchor |
|---|
| Schönefeld Schönefeld 04Schönefeld |
|---|
| Schönefeld 04 |
|---|
|
[Sch
önefeld 2004] Marc Sch
önefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.
...
[Seacord 2013] Seacord, Robert C.
Secure Coding in C and C++, 2nd ed. Addison-Wesley, Boston, 2013.
[Seacord 2015] Seacord, Robert C. Secure Coding Rules for Java. Addison-Wesley Professional, Boston, 2013.[SecArch 2006] Sun Microsystems,
Java 2 Platform Security Architecture, 2006.
...
| Anchor |
|---|
| SecuritySpec 08 |
|---|
| SecuritySpec 08 |
|---|
|
[SecuritySpec 2008] Sun Microsystems,
Java Security Architecture, 2008.
[Sen 2007] Robi Sen,
Avoid the Dangers of XPath Injection, IBM developerWorks, 2007
.| Anchor |
|---|
| Shipilёv 2014 |
|---|
| Shipilёv 2014 |
|---|
|
[Shipilёv 2014] Shipilёv, Aleksey, Safe Publication and Safe Initialization in Java, December 2014.
[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai,
Core Security Patterns: Best Practices and Strategies for J2EEâ¢, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005.
...
[Tomcat 2009] Apache Software Foundation,
Changelog and
Security fixes, Tomcat documentation, 2009.
| Anchor |
|---|
Tutorials 08 | Tutorials 08 |
[Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008.[Unicode 2003] The Unicode Consortium,
The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.
...
[Zukowski 2004] John Zukowski,
Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.
