How Oracle Can Help You Write More Secure Code
By Mark Wilcox - OVD Product Manager on Oct 09, 2008
Now when James McGovern repeats his question of "when will Oracle show how to write secure code" we can point him to this post :).
First - make sure to read and check-back with Oracle Secure Technology Center.This is basically one-stop place for all of our security information. Oracle covers everything from OS to applications. And this location covers that breadth with links to deeper-dives.
Second - our Chief Security Officer Mary Ann Davidson has been trying to get developer education ecosystem (e.g. CS programs and their cousins) to do a better job of teaching secure coding. I believe she articulated the problem very well in her post - "The Supply Chain Problem".
Third - read this book (Mary Ann Davidson recommends it in her Supply Chain Problem) - Foundations of Security: What Every Programmer Needs to Know.
Fourth - if you do anything with the database- David Knox's Effective Oracle Database 10g Security by Design is still the go-to resource. It's book #2 on my tech shelf- after my own (me being first is mostly a vanity thing :)).
As an addendum - if you are writing code in ADF you should check out the new tutorial based on the new demo application - "Fusion Order Demo" . Besides learning all of the cool things ADF/JDev bring to the table - Chapter 28 covers how to leverage the external security framework. I hope to be able to use this application to demonstrate more of our capabilities - in particular OVD/IGF but possibly others too.