[Abadi 96] Prudent Engineering Practice for Cryptographic Protocols, by Martin Abadi and Roger Needham, IEEE Transactions on Software Engineering Volume 22, Issue 1, Jan 1996 Page(s):6 - 15. (1996)
[API 06] Java Platform, Standard Edition 6 API Specification, Sun Microsystems, Inc. (2006)
[Austin 00] Advanced Programming for the Java 2 Platform, by Calvin Austin and Monica Pawlan, Addison Wesley Longman. (2000)
[Bea 08] Packaging WebLogic Server J2EE Applications (2008)
[Bloch 01] Effective Java, Programming Language Guide, by Joshua Bloch. Addison Wesley. (2001)
[Bloch 05] Java⢠Puzzlers: Traps, Pitfalls, and Corner Cases, by Joshua Bloch and Neal Gafter. Pearson Education, Inc. (2005)
[Bloch 05b] Yet More Programming Puzzlers, by Joshua Bloch and Neal Gafter. JavaOne Conference. (2005)
[Bloch 07] Effective Java⢠Reloaded: This Time It's (not) for Real, by Joshua Bloch. JavaOne Conference. (2007)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d419da6e-1dec-4053-b267-3ed831e27d0c"><ac:parameter ac:name="">Bloch 08</ac:parameter></ac:structured-macro>
[Bloch 08] Effective Java, 2nd edition, by Joshua Bloch, Addison Wesley. (2008)
[Bloch 09] Return of the Puzzlers: Schlock and Awe, by Joshua Bloch, Google Inc. and Neal Gafter, Microsoft Corporation. JavaOne Conference. (2009)
[Boehm 05] Finalization, Threads, and the Java⢠Technology-Based Memory Model, by Hans-J. Boehm. JavaOne Conference. (2005)
[Campione 96] The Java Tutorial, by Mary Campione and Kathy Walrath (1996)
[CCITT 88] CCITT. CCITT Blue Book, Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework. Geneva. (1988)
[Chan 99] The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, second edition, Volume 1, by Patrick Chan, Rosanna Lee, Douglas Kramer. Prentice Hall. (1999)
[Chess 07] Secure Programming with Static Analysis, by Brian Chess and Jacob West. Addison-Wesley Professional. (2007)
[Christudas 05] Internals of Java Class Loading, ONJava. (2005)
[Conventions 09] Code Conventions for the Java Programming Language. Sun Microsystems, Inc. (2009)
[CVE 08] Common Vulnerability Exposure, MITRE Corporation. (2008)
[Coomes 07] Garbage Collection-Friendly Programming by John Coomes, Peter Kessler, Tony Printezis. Java SE Garbage Collection Group Sun Microsystems, Inc. JavaOne Conference. (2007)
[Core Java 04] Core Java⢠2 Volume I - Fundamentals, Seventh Edition by Cay S. Horstmann, Gary Cornell. Prentice Hall PTR. (2004)
[Cunningham 95] "The CHECKS Pattern Language of Information Integrity", Pattern Languages of Program Design, by Ward Cunningham, edited by James O Coplien and Douglas C Schmidt. Addison-Wesley. (1995)
[Daconta 00] When Runtime.exec() won't, by Michael C. Daconta, JavaWorld.com. (2000)
[Daconta 03] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)
[Unicode 08] Unicode Standard Annex #15, Unicode Normalization Forms, by Mark Davis and Martin Dürst. (2008)
[Unicode 08b] Unicode Technical Report #36, Unicode Security Considerations, by Mark Davis and Michel Suignard. (2008)
[Dormann 08] Signed Java Applet Security: Worse than ActiveX?, by Will Dormann. CERT Vulnerability Analysis Blog. (2008)
[Darwin 04] Java Cookbook, by Ian F. Darwin (2004)
[Doshi 03] Best Practices for Exception Handling by Gunjan Doshi. (2003)
[Eclipse 08] The Eclipse Platform (2008)
[Encodings 06] Supported Encodings, Sun Microsystems, Inc. (2006)
[Enterprise 03] Java Enterprise Best Practices, by the O'Reilly Java Authors. O'Reilly. (2003)
[ESA 05] Java Coding Standards, prepared by: European Space Agency (ESA) Board for Software Standardisation and Control (BSSC). (2005)
[FindBugs 08] FindBugs Bug Descriptions (2008)
[Fisher 03] JDBC API Tutorial and Reference, 3rd edition, by Maydene Fisher, Jon Ellis, and Jonathan Bruce, Prentice Hall, The Java Series. (2003)
[Flanagan 05] Java in a Nutshell, 5th edition, by David Flanagan, O'Reilly Media, Inc. (2005)
[Fortify 08] A Taxonomy of Coding Errors that Affect Security Java/JSP, Fortify Software. (2008)
[Fox 01] When is a Singleton not a Singleton?, by Joshua Fox, Sun Developer Network (SDN) (2001)
[FT 08] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions. (2008)
[Gamma 95] Design Patterns: Elements of Reusable Object-Oriented Software, by Erich Gamma, Richard Helm, Ralph Johnson, John M. Vlissides. Addison-Wesley Professional Computing Series. (1995)
[Garms 01] Professional Java Security, by Jess Garms and Daniel Somerfield. Wrox Press Ltd. (2001)
[Goetz 02] Java theory and practice: Don't let the "this" reference escape during construction, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2002)
[Goetz 04] Java theory and practice: Garbage collection and performance, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 04b] Java theory and practice: The exceptions debate: To check, or not to check?, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 05] Java theory and practice: Be a good (event) listener, Guidelines for writing and supporting event listeners, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)
[Goetz 05b] Java theory and practice: Plugging memory leaks with weak references, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)
[Goetz 06] Java Concurrency in Practice, by Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, Doug Lea. Addison Wesley Professional. (2006)
[Goetz 06b] Java theory and practice: Good housekeeping practices, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2006)
[Goldberg 91] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, Inc. March 1991. (1991)
[Gong 03] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)
[Greanier 00] Discover the secrets of the Java Serialization API, by Todd Greanier, Sun Developer Network (SDN). (2000)
[Green 08] Canadian Mind Products Java & Internet Glossary by Roedy Green. (2008)
[Grosso 01] Java RMI, by William Grosso. O'Reilly. (2001)
[Gupta 05] Java memory leaks - Catch me if you can, by Satish Chandra Gupta and Rajeev Palanki. (2005)
[Haack 06] Immutable Objects in Java, by Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert. (2006)
[Haggar 00] Practical Java⢠Programming Language Guide, by Peter Haggar. Addison-Wesley Professional. (2000)
[Halloway 00] Java Developer Connection Tech Tips, March 28, 2000, by Stuart Halloway.
[Halloway 01] Java Developer Connection Tech Tips, January 30, 2001, by Stuart Halloway.
[Harold 97] Java Secrets by Elliotte Rusty Harold. Wiley. (1997)
[Harold 99] Java I/O, by Elliotte Rusty Harold. O'REILLY. (1999)
[Harold 06] Java I/O, by Elliotte Rusty Harold (2nd Edition). O'Reilley. (2006)
[Hawtin 08] Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities by Thomas Hawtin, Sun Microsystems, Inc. Make it Fly 2008, London. (2008)
[Henney 03] Null Object, Something for Nothing, by Kevlin Henney (2003)
[Hitchens 02] Java⢠NIO, by Ron Hitchens. O'Reilly. (2002)
[Hornig 07] Advanced Java⢠Globalization, by Charles Hornig, Globalization Architect, IBM Corporation. JavaOne Conference. (2007)
[Hovemeyer 07] Finding more null pointer bugs, but not too many, by David Hovemeyer and William Pugh. Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. (2007)
[Hunt 98] Java's reliability: an analysis of software defects in Java, by J. Hunt and F. Long. Software IEE Proceedings. (1998)
[J2SE 00] JavaTM 2 SDK, Standard Edition Documentation, Sun Microsystems, Inc. J2SE Documentation version 1.3, Sun Microsystems, Inc. (2000)
[JarSpec 08] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, Inc. (2000)
[Java 06] java - the Java application launcher, Sun Microsystems, Inc. (2006)
[Java2NS 99] Java 2 Network Security, by Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani. IBM Corporation. (1999)
[JavaGenerics 04] [http://java.sun.com/j2se/1.5.0/docs/guide/language/generics.html], Sun Microsystems, Inc. (2004)
[JavaThreads 99] Java Threads (2nd Edition) by, Scott Oaks and Henry Wong. O'REILLY. (1999)
[JavaThreads 04] Java Threads (3rd Edition) by, Scott Oaks and Henry Wong. O'REILLY. (2004)
[JDK7 08] Java⢠Platform, Standard Edition 7 documentation, Sun Microsystems, Inc., 19 Dec 2008. (2008)
[JLS 05] Java Language Specification, 3rd edition. by James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. Prentice Hall, The Java Series. The Java Language Specification. (2005)
[JPL 05] The Java⢠Programming Language, Fourth Edition, by Ken Arnold, James Gosling, David Holmes. Addison Wesley Professional. (2005)
[JMX 06] Monitoring and Management for the Java Platform, Sun Microsystems, Inc. (2006)
[JMXG 06] Java SE Monitoring and Management Guide, Sun Microsystems, Inc. (2006)
[JNI 06] Java Native Interface, Sun Microsystems, Inc. (2006)
[JPDA 04] Java Platform Debugger Architecture (JPDA), Sun Microsystems, Inc. (2004)
[JVMTI 06] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, Inc. (2006)
[JVMSpec 99] The Java Virtual Machine Specification, Sun Microsystems, Inc. (1999)
[Kabanov 09] The Ultimate Java Puzzler by Jevgeni Kabanov, Core developer of JavaRebel. February 16th, 2009. (2009)
[Kabutz 01] The Java Specialists' Newsletter, by Dr. Heinz M. Kabutz. (2001)
[Kalinovsky 04] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky. SAMS Publishing. (2004)
[Knoernschild 01] Java⢠Design: Objects, UML, and Process, by Kirk Knoernschild. Addison-Wesley Professional. (2001)
[Lai 08] Java Insecurity: Accounting for Subtleties That Can Compromise Code, by Charlie Lai, Sun Microsystems (2008)
[Langer 08] http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html, Angelica Langer. (2008)
[Lea 00] Concurrent Programming in Java, 2nd edition, by Doug Lea. Addison Wesley, Sun Microsystems, Inc. (2000)
[Lea 00b] Correct and Efficient Synchronization of Java⢠Technology based Threads, by Doug Lea and William Pugh. JavaOne Conference. (2000)
[Lee 09] Robust and Scalable Concurrent Programming: Lessons from the Trenches, by Sangjin Lee, Mahesh Somani, & Debashis Saha, eBay Inc. JavaOne Conference. (2009)
[Liang 97] The Java⢠Native Interface, Programmer's Guide and Specification, by Sheng Liang. ADDISON-WESLEY. (1997)
[Liang 98] Dynamic Class Loading in the Java⢠Virtual Machine, by Sheng Liang and Gilad Bracha. Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. (1998)
[Lieberman 86] Using prototypical objects to implement shared behavior in object-oriented systems. In: Conference proceedings on Object-oriented programming systems, languages and applications. Portland 1986, p. 214-223 ISSN 0362-1340, by Henry Lieberman, Massachusetts Institute of Technology. (1986)
[Long 05] Software Vulnerabilities in Java, by Fred Long, CMU/SEI-2005-TN-044. (2005)
[Lo 05] Security Issues in Garbage Collection, by Dr. Chia-Tien Dan Lo, University of Texas at San Antonio, Dr. Witawas Srisa-an, University of Nebraska at Lincoln, Dr. J. Morris Chang, Iowa State University. STSC Crosstalk, October 2005 issue. (2005)
[Low 97] Protecting Java Code via Obfuscation, by Douglas Low. (1997)
[Macgregor 98] Java Network Security, by Robert Macgregor, Dave Durbin, John Owlett and Andrew Yeomans. Prentice Hall. (1998)
[Mak 02] Java Number Cruncher, The Java Programmer's Guide to Numerical Computing, by Ronald Mak. Prentice Hall. (2002)
[Martin 96] Granularity, by Robert C. Martin. (1996)
[McCluskey 01] Java Developer Connection Tech Tips, by Glen McCluskey, April 10, 2001. (2001)
[McGraw 00] Securing Java, Getting Down to Business with Mobile Code, by Gary McGraw and Edward W. Felten. Wiley. (1999)
[Mcgraw 98] Twelve rules for developing more secure Java code, Gary Mcgraw and Edward Felten, JavaWorld.com. (1998)
[Miller 09] Java⢠Platform Concurrency Gotchas, by Alex Miller, Terracotta. JavaOne Conference. (2009)
[MITRE 09] Common Weakness Enumeration, MITRE Corporation. (2009)
[Mocha 07] Mocha, the Java Decompiler (2007)
[Monsch 06] Ruining Security with java.util.Random Version 1.0, by Jan P. Monsch. (2006)
[MSDN 09] Using SQL Escape Sequences, Microsoft Corporation. (2009)
[Muchow 01] MIDlet Packaging with J2ME, by John W. Muchow (2001)
[Müller 02] Exception Handling: Common Problems and Best Practice with Java 1.4 by Dr. Andreas Müller and Geoffrey Simmons, Sun Microsystems GmbH. (2002)
[Naftalin 06] Java Generics and Collections, Maurice Naftalin and Philip Wadler, O'Reilly (2006)
[Naftalin 06b] Java⢠Generics and Collections: Tools for Productivity, by Maurice Naftalin, Morningside Light Ltd, Philip Wadler, University of Edinburgh. JavaOne Conference (2007)
[Neward 04] Effective Enterprise Java, by Ted Neward. Addison Wesley Professional. (2004)
[Nisewanger 07] Avoiding Antipatterns, by Jeff Nisewanger, JavaOne Conference (2007)
[Nolan 04] Decompiling Java, by Godfrey Nolan, Apress. (2004)
[Oaks 01] Java Security, by Scott Oaks. O'REILLY. (2001)
[OWASP 05] A Guide to Building Secure Web Applications and Web Services. The Open Web Application Security Project. (2005)
[OWASP 07] OWASP TOP 10 FOR JAVA EE. The Open Web Application Security Project. (2007)
[OWASP 08] OWASP. (2008)
[Patterns 02] Patterns in Java, Volume 1, Second Edition, by Mark Grand. Wiley. (2002)
[Permissions 08] Permissions in the Java⢠SE 6 Development Kit (JDK), Sun Microsystems, Inc. (2008)
[Philion 03] Beware the dangers of generic Exceptions, by Paul Philion, JavaWorld.com. (2003)
[Phillips 05] Are We Counting Bytes Yet? at the 27th Internationalization and Unicode Conference, by by Addison P. Phillips. webMethods, Inc. (2005)
[Pistoia 04] Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Addison Wesley. (2004)
[Policy 02] Default Policy Implementation and Policy File Syntax, Document revision 1.6, Sun Microsystems, Inc. (2002)
[Pugh 08] Defective Java Code: Turning WTF Code into a Learning Experience, by William Pugh, Univ. of Maryland. JavaOne Conference. (2008)
[Pugh 04] The Java Memory Model (discussions reference) by William Pugh, Univ. of Maryland. (2004)
[Pugh 09] Defective Java Code: Mistakes That Matter, by William Pugh, Univ. of Maryland. JavaOne Conference. (2009)
[Reasoning 03] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, Reasoning. 14 Nov 2003. (2003)
[Reflect 06] Reflection, Sun Microsystems, Inc. (2006)
[Rotem 08] Fallacies of Distributed Computing Explained, by Arnon Rotem-Gal-Oz. (2008)
[Roubtsov 03] Breaking Java exception-handling rules is easy, by Vladimir Roubtsov, JavaWorld.com. (2003)
[Roubtsov 03b] Into the mist of serialization myths, by Vladimir Roubtsov, JavaWorld.com. (2003)
[Schneier 00] Secrets and Liesâ”Digital Security in a Networked World , by Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons. (2000)
[SCG 07] Secure Coding Guidelines for the Java Programming Language, version 2.0, Sun Microsystems, Inc. (2007)
[Schildt 07] Herb Schildt's Java Programming Cookbook, Herb Schildt, McGraw-Hill (2007)
[Schwarz 04] Avoiding Checked Exceptions, by Don Schwarz, ONJava (2004)
[Schoenefeld 04] Java Vulnerabilities in Opera 7.54 BUGTRAQ Mailing List (bugtraq@securityfocus.com), Nov 2004. (2004)
[Schweisguth 03] Java Tip 134: When catching exceptions, don't cast your net too wide, by Dave Schweisguth. Javaworld.com. (2003)
[Seacord 05] Seacord, Robert C. Secure Coding in C and C++. Boston, MA: Addison-Wesley. (2005)
[SecArch 06] Java 2 Platform Security Architecture, Sun Microsystems, Inc. (2006)
[Security 06] Java Security Guides, Sun Microsystems, Inc. (2006)
[SecuritySpec 08] http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html, Sun Microsystems, Inc. (2008)
[Steel 05] Core Security Patterns: Best Practices and Strategies for J2EEâ¢, Web Services, and Identity Management, by Christopher Steel, Ramesh Nagappan and Ray Lai. Prentice Hall PTR / Sun Microsystems, Inc. (2005)
[Sterbenz 06] Secure Coding Antipatterns: Avoiding Vulnerabilities, by Andreas Sterbenz and Charlie Lai, Sun Microsystems. JavaOne Conference. (2006)
[Steuck 02] XXE (Xml eXternal Entity) attack, by Gregory Steuck (www.securityfocus.com). (2002)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98380c0e-ad08-4532-b8bd-3aa039b6a68a"><ac:parameter ac:name="">SDN 08</ac:parameter></ac:structured-macro>
[SDN 08] SUN Developer Network, Sun Microsystems, Inc. (1994-2008)
[Sen 07] Avoid the dangers of XPath injection, by Robi Sen, IBM developerWorks. (2007)
[Steinberg 05] Java Developer Connection Tech Tips "Using the Varargs Language Feature", Daniel H. Steinberg, January 4, 2005. (2005)
[Sun 03] Sun ONE Application Server 7 Performance Tuning Guide, Sun Microsystems, Inc. (2003)
[Sun 06] Java⢠Platform, Standard Edition 6 documentation, Sun Microsystems, Inc. (2006)
[Techtalk 07] The PhantomReference Menace. Attack of the Clone. Revenge of the Shift., by Josh Bloch and William Pugh, JavaOne Conference. (2007)
[Tomcat 09] Tomcat documentation, Changelog and Security fixes, the Apache Software Foundation. (2009)
[Tutorials 08] The Java Tutorials, Sun Microsystems, Inc. (2008)
[Venners 03] Security and the class loader architecture Java World.com, by Bill Venners. (1997)
[Venners 03] Failure and Exceptions, A Conversation with James Gosling, Part II, by Bill Venners. Artima.com. (2003)
[W3C 08] Extensible Markup Language (XML) 1.0 (Fifth Edition), W3C Recommendation, by Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler and François Yergeau. (2008)
[Ware 08] Writing Secure Java Code:A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools, Michael S. Ware. (2008)
[Weber 09] Exploiting Unicode-enabled Software, by Chris Weber, Casaba Security. CanSecWest March 2009. (2009)
[Wheeler 03] Secure Programming for Linux and Unix HOWTO, David A. Wheeler. (2003)
[Zukowski 04] Java Developer Connection Tech Tips "Creating Custom Security Permissions", John Zukowski, May 18, 2004. (2004)