
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.” –Mary Ann Davidson, Chief Security Officer, Oracle Corporation

Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands. Written by the same team that brought you The CERT® Oracle® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.

You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.

Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.

With a Foreword by James A. Gosling, Father of the Java Programming Language

300 pages, Paperback

First published July 12, 2013


About the author

Fred Long

14 books


Community Reviews

5 stars
4 (16%)
4 stars
11 (44%)
3 stars
8 (32%)
2 stars
2 (8%)
1 star
0 (0%)
Flávio Sousa
52 reviews, 2 followers
October 25, 2023
Honestly, I wish I had come across this gem earlier. This book perfectly lays out 75 tricky, highly compromising - and often not so obvious - pitfalls in a distilled, concise, and intuitive manner while masterfully illustrating optimal and sub-optimal approaches.

I strongly recommend this book to anyone regardless of experience in Software Engineering - in general - and with Java - in particular.
pandapoo
24 reviews
May 29, 2023
It is a decent reference for Java programmers. I wouldn't recommend it for security code review purposes.
Jeanne Boyarsky
Author, 28 books, 76 followers
October 20, 2013
This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named “Java Coding Guidelines – 75 Recommendations for Reliable and Secure Programs.” I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.

Many of the rules are new, including security ones such as XPath injection. The book itself is shorter, but I felt like they picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT-specific parts are gone, like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.

I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I read. Bold would have helped.

I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.

The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer “Java Coding Guidelines” to the first edition/CERT title. I wanted to give it 4.5 stars to reflect I rated it higher than the 4 stars I gave to the other.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.