
The CERT Oracle Secure Coding Standard for Java

Book Review Team
Bartender
Posts: 962
Author/s: Fred Long et al
Publisher: Addison-Wesley Professional
Category: Advanced Java
Review by: Jeanne Boyarsky
Rating: 8 horseshoes

"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling string.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.

In any case, the practices are excellent. They are clearly documented in the form of:
attack/flaw
bad code example
good code example

I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.

I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.

The focus is on core Java (not JEE/web), and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall, a worthwhile addition to the bookshelf.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.

More info at Amazon.com