
Secure Coding by Mark G. Graff, Kenneth R. van Wyk

Book Review Team

Author/s : Mark G. Graff, Kenneth R. van Wyk
Publisher : O'Reilly
Category : Other
Review by : Junilu Lacar
Rating : 9 horseshoes
This book goes beyond the technical aspects of security into things like psychology, economics, politics, and even history. "Why do good people write bad code?... To find security holes, think like an alien... How do economic and other social factors work against security quality?" These are just some of the things the authors touch on in presenting a holistic view of the security issues that must be dealt with when developing an application.
This is not a "cookbook" so don't expect to find many code examples; the few that you will find are in C. What you will find are a number of thought-provoking discussions and valuable insights into the root causes of security vulnerabilities. The authors share useful techniques, guidelines and checklists that they have used to create applications that are "just secure enough." They highlight both good and bad practices and present a number of case studies to help bring home important points. Managers, architects, designers, developers and even users will find something useful in this book.
This book will help you realize, if you haven't already, that security is neither trivial nor something that you can add on later: it needs to be designed into your application from the very start and continuously evaluated throughout the development process. And if you already knew that, you just might realize just how much more there really is to consider besides what you already do now to secure your applications.
