The CERT Oracle Secure Coding Standard for Java [Long, Mohindra, Seacord, Sutherland & Svoboda 2011-09-18].pdf
The CERT® Oracle® Secure Coding Standard for Java™
The SEI Series in Software Engineering
Visit informit.com/sei for a complete list of available products.
The SEI Series in Software Engineering is a collaborative
undertaking of the Carnegie Mellon Software Engineering Institute (SEI) and
Addison-Wesley to develop and publish books on software engineering and
related topics. The common goal of the SEI and Addison-Wesley is to provide
the most current information on these topics in a form that is easily usable by
practitioners and students.
Books in the series describe frameworks, tools, methods, and technologies
designed to help organizations, teams, and individuals improve their technical
or management capabilities. Some books describe processes and practices for
developing higher-quality software, acquiring programs for complex systems, or
delivering services more effectively. Other books focus on software and system
architecture and product-line development. Still others, from the SEI’s CERT
Program, describe technologies and practices needed to manage software
and network security risk. These and all books in the series address critical
problems in software engineering for which practical solutions are available.
The CERT® Oracle® Secure Coding Standard for Java™
Fred Long
Dhruv Mohindra
Robert C. Seacord
Dean F. Sutherland
David Svoboda
Upper Saddle River, NJ • Boston • Indianapolis • San Francisco
New York • Toronto • Montreal • London • Munich • Paris • Madrid
Capetown • Sydney • Tokyo • Singapore • Mexico City
The SEI Series in Software Engineering
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have
been printed with initial capital letters or in all capitals.
CMM, CMMI, Capability Maturity Model, Capability Maturity Modeling, Carnegie Mellon, CERT, and CERT
Coordination Center are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.
ATAM; Architecture Tradeoff Analysis Method; CMM Integration; COTS Usage-Risk Evaluation; CURE; EPIC; Evolutionary
Process for Integrating COTS Based Systems; Framework for Software Product Line Practice; IDEAL; Interim Profile;
OAR; OCTAVE; Operationally Critical Threat, Asset, and Vulnerability Evaluation; Options Analysis for Reengineering;
Personal Software Process; PLTP; Product Line Technical Probe; PSP; SCAMPI; SCAMPI Lead Appraiser; SCAMPI Lead
Assessor; SCE; SEI; SEPG; Team Software Process; and TSP are service marks of Carnegie Mellon University.
Special permission to reproduce portions of The CERT Oracle Secure Coding Standard for Java, © 2007–2011 by
Carnegie Mellon University, in this book is granted by the Software Engineering Institute.
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty
of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential
damages in connection with or arising out of the use of the information or programs contained herein.
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales,
which may include electronic versions and/or custom covers and content particular to your business, training goals,
marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com
For sales outside the United States please contact:
International Sales
international@pearson.com
Visit us on the Web: informit.com/aw
Library of Congress Cataloging-in-Publication Data
The CERT Oracle secure coding standard for Java / Fred Long . . . [et al.].
p. cm.—(The SEI series in software engineering)
Includes bibliographical references and index.
ISBN-13: 978-0-321-80395-5 (pbk. : alk. paper)
ISBN-10: 0-321-80395-7 (pbk. : alk. paper)
1. Java (Computer program language) 2. Computer security. 3. Oracle
(Computer file) 4. Computer programming—Standards. I. Long, F. W.
(Frederick W.), 1947- II. Carnegie-Mellon University. CERT Coordination
Center.
QA76.73.J38C44 2012
005.8—dc23
2011027284
Copyright © 2012 Pearson Education, Inc.
All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be
obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or
by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission to use material from this
work, please submit a written request to Pearson Education, Inc., Permissions Department, One Lake Street, Upper Saddle
River, New Jersey 07458, or you may fax your request to (201) 236-3290.
ISBN-13: 978-0-321-80395-5
ISBN-10: 0-321-80395-7
Text printed in the United States on recycled paper at Edwards Brothers in Ann Arbor, Michigan.
First printing, September 2011