You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Current »

Guidelines

Security

This chapter contains guidelines that are concerned specifically with ensuring security of Java-based applications. They are concerned with issues such as

  1. Dealing with sensitive data.
  2. Avoiding common injection attacks.
  3. Language features that can be misused to compromise security.
  4. Details of Java's fine-grained security mechanism.

Defensive Programming

This chapter contains guidelines for defensive programming. Defensive programming is carefully guarded programming that helps you to construct reliable software by designing each component to protect itself as much as possible, for example, by checking that undocumented assumptions remain valid [Goodliffe 2006]. These guidelines address areas of the Java language that can help to constrain the effect of an error or help to recover from an error.

Best Practices

This chapter includes guidelines that

  1. Are essential for ensuring correctness of Java code.
  2. Contain specific, implementation-level Java coding advice.
  3. Have a higher normative requirement than the defensive programming category.

The guidelines deal with generally low-level Java language features that can easily be misused by the unwary.

Program Understandability

Program understandability is the ease with which the program can be understood—that is, the ability to determine what a program does and how it works by reading its source code and accompanying documentation [Grubb 2013]. Another term used to describe this property of source code is readability. Understandable code is easier to maintain because software maintainers are less likely to introduce defects into code that is clear and comprehensible. Understandability helps in manual analysis of source code because it allows the auditor to more easily spot defects and vulnerabilities. 

The guidelines in this chapter are mainly stylistic in nature; they will help a Java programmer to write clearer, more readable code.

Programmer Misconceptions

This chapter contains guidelines that address

  1. Misconceptions about Java APIs and language features.
  2. Assumptions and ambiguity-laced programs.
  3. Situations in which the programmer wanted to do x but ended up doing y.

They address areas where developers often make unwarranted assumptions about how Java works or where ambiguities can easily be introduced.

 

 

  • No labels