
Changes to Current Guidelines

1. All classes and methods will need to include the final keyword. Although this works against extensibility, it is critical from a security point of view.

2. All file separators must be replaced by the platform-independent File.separator.

3. Possibly use the memento design pattern with deserialization. An inner class performs input validation using 'safe' objects (for example, a long to store int values) and then updates the state of the actual outer class, and so on; see Item 50 [Daconta 03].
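
One way item 3 could look in practice, as an added example that is not from the original page or from [Daconta 03]: the stream value is read into a long held by an inner memento, range-checked there, and only then committed to the outer class's int field. The class name `Quantity`, the `Memento` helper and the 0 to 10,000 range are assumptions chosen for illustration.

```java
import java.io.*;

// Hypothetical class; names and the 0..10_000 range are assumptions.
public final class Quantity implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final int MAX_UNITS = 10_000;

    private transient int units; // set only by Memento.commit()

    public Quantity(int units) { new Memento(units).commit(); }
    public int getUnits() { return units; }

    // Memento: candidate state held in a wider type than the real field.
    private final class Memento {
        private final long units;
        Memento(long units) { this.units = units; }
        void commit() {
            if (units < 0 || units > MAX_UNITS) {
                throw new IllegalArgumentException("units out of range: " + units);
            }
            Quantity.this.units = (int) units; // safe narrowing after the check
        }
    }

    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
        out.writeLong(units); // serialized form carries the wide type
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        Memento candidate = new Memento(in.readLong()); // untrusted stream data
        try {
            candidate.commit(); // outer state is updated last, only if valid
        } catch (IllegalArgumentException e) {
            throw new InvalidObjectException(e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Quantity(42));
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            System.out.println(((Quantity) in.readObject()).getUnits());
        }
    }
}
```

Because the constructor and `readObject` share the same memento, a crafted stream cannot produce an object that the constructor would have rejected.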


Possible Recommendations

1. Add a recommendation in MISC about being careful when using the environment; investigate usual conditions.

2. Use HttpSession carefully, Item 25 [Daconta 03]

3. For good portability, do not assume that all DBMSs can tolerate several open ResultSet objects at a time, Item 41 [Daconta 03]


Possible Rules
