JavaRanch » Java Forums » Engineering » Security

Java Coding Guidelines and OWASP

Patroklos Papapetrou
Ranch Hand

Joined: Aug 06, 2013
Posts: 32

It's great to see a book dedicated to java security guidelines. I recently took a course about java security and I was wondering how this book categorizes the security flaws. Is it based on the OWASP top 10 categories as described here : ? Do you follow another categorization?
And another question. Do you provide some working examples in the book?
Thanks a lot

Follow me on twitter ( @ppapapetrou76 ) or see my linked profile and connect with me
You can also subscribe to my technical blog
Robert Seacord

Joined: Nov 12, 2013
Posts: 1

We don't really categorize security flaws in this book. For our coding standards (see we prioritize rules based on a risk assessment. Priorities are assigned using a metric based on Failure Mode, Effects, and Criticality Analysis (FMECA) [IEC 60812]. One aspect of this is the Severity - How serious are the consequences of the rule being ignored:
1 = low (denial-of-service attack, abnormal termination)
2 = medium (data integrity violation, unintentional information disclosure)
3 = high (run arbitrary code, privilege escalation)
This has been sufficient for our purposes, as we are talking about the consequences of violating the rules / guidelines and the same mistake can have different consequences in a different context. For this guidelines book, we eliminated the risk assessment entirely as these guidelines are meant to produce better code overall and a specific violation of one of these guidelines does not necessarily mean that your code has a vulnerability.

Campbell Ritchie

Joined: Oct 13, 2005
Posts: 46320
Welcome to the Ranch