Secure Coding Guidelines for the Java Programming Language, Version 3.0

A new version (3.0) of the Secure Coding Guidelines for the Java Programming Language has just been published at http://java.sun.com/security/seccodeguide.html

The secure coding guidelines document best practices and patterns that you should adhere to when writing Java code in order to avoid vulnerabilities. These guidelines are important for every Java developer, whether you are writing a trusted library or an end-user application.

Version 3.0 is a significant enhancement and includes a new section on fundamentals as well as many new guidelines and enhancements.

Please send me any feedback you may have.

Comments:

The Java platform has its own unique set of security challenges. One of its main design considerations is to provide a secure environment for executing mobile code. While the Java security architecture [1] can protect users and systems from hostile programs downloaded over a network, it cannot defend against implementation bugs that occur in trusted code. Such bugs can inadvertently open the very holes that the security architecture was designed to contain, including access to files, printers, webcams, microphones, and the network from behind firewalls. In severe cases, local programs may be executed or Java security disabled. These bugs can potentially be used to turn the machine into a zombie computer, steal confidential data from machine and intranet, spy through attached devices, prevent useful operation of the machine, assist further attacks, and many other malicious activities.

Posted by compact flash 64gb on January 06, 2010 at 02:43 AM EST #

Thank you: even though I'm fairly paranoid and have defined/implemented some security-sensitive Java stuff (read: money) a couple of points in there were new to me.

Rgds

Damon

Posted by Damon Hart-Davis on January 06, 2010 at 06:59 AM EST #

I have been having issues with downloading mobile software developer platform. Please help. Any that is suitable.

Posted by Obed Thumbi on May 13, 2010 at 04:43 AM EDT #

Most of the developers around the world do not care much about coding securely in Java and this is really a challenge. We need Java runtime and servers to be more secure with less involvement from the developer.
Java Programming Tutorials (http://www.thejavacode.com)

Posted by Java Programming on September 26, 2010 at 12:00 AM EDT #

