Read this with a book club at work. It's a great book filled with lots of architecture and best design concepts. It's definitely a book I'll need to go back and reread a couple times.
Really enjoyed it, it was surprisingly easy to read. Explained all the rules and principles well. I was thinking about our production code all the time WHILE reading it.
"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling string.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.
In any case, the practices are excellent. They are clearly documented in the form of: attack/flaw, bad code example, good code example.
I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.
I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.
The focus is on core Java (not JEE/web) and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall a worthwhile addition to the bookshelf.
--- Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
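The string.replace() point made in the review above, as an added illustration that is not code from the book or from the reviewer: Java Strings are immutable, so String.replace() returns a new String and leaves the receiver untouched; discarding that return value is a silent no-op. The class and method names below are hypothetical, and the sample input is constructed.

```java
// Added example (not from the book or the review): the "ignored replace() result"
// defect beside its corrected form. The class and method names are hypothetical.
public final class ReplaceResultExample {

    // Defective: intends to turn line breaks into underscores so the value stays on
    // one line, but each replace() result is thrown away, so the original string
    // comes back unchanged.
    static String normalizeBroken(String input) {
        input.replace('\r', '_');   // return value ignored: no effect on input
        input.replace('\n', '_');   // same
        return input;
    }

    // Corrected: keep the result of each replace() call.
    static String normalize(String input) {
        String cleaned = input.replace('\r', '_');
        cleaned = cleaned.replace('\n', '_');
        return cleaned;
    }

    public static void main(String[] args) {
        // Constructed sample input containing an embedded newline.
        String sample = "user=alice\nstatus=ok";

        String broken = normalizeBroken(sample);
        String fixed = normalize(sample);

        System.out.println("broken still contains newline: " + broken.contains("\n"));
        System.out.println("fixed  still contains newline: " + fixed.contains("\n"));
    }
}
```

The defective version compiles without complaint, which is why the book flags this pattern as one that static analysis can catch: an unused return value from a pure method on an immutable type is mechanically detectable, whereas the missing normalization only shows up at runtime.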