The CERT Oracle Secure Coding Standard for Java

Book Review Team
Author/s  : Fred Long et al.
Publisher : Addison-Wesley Professional
Category  : Advanced Java
Review by : Jeanne Boyarsky
Rating    : 8 horseshoes

"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling string.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.

In any case, the practices are excellent. They are clearly documented in the form of:
attack/flaw
bad code example
good code example

I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.

I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which ones can be easily found by static analysis.

The focus is on core Java (not JEE/web) and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall a worthwhile addition to the bookshelf.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
