Java Coding Guidelines 75 Recommendations for Reliable and Secure Programs

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”

–Mary Ann Davidson, Chief Security Officer, Oracle Corporation  

Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands.

Written by the same team that brought you The CERT® Oracle ® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.

You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.

Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.

Fred Long is a senior lecturer in the Department of Computer Science, Aberystwyth University, in the United Kingdom. He is chairman of the British Computer Society’s Mid-Wales Branch. Fred has been a visiting scientist at the Software Engineering Institute (SEI) since 1992. Recently, his research has involved the investigation of vulnerabilities in Java. Fred is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

Dhruv Mohindra is a technical lead in the security practices group that is part of the CTO’s office at Persistent Systems Limited, India, where he provides information security consulting solutions across various technology verticals such as cloud, collaboration, banking and finance, telecommunications, enterprise, mobility, life sciences, and health care. Dhruv has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

Robert C. Seacord is the Secure Coding Initiative technical manager in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the School of Computer and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008), and is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012), and Secure Coding in C and C++ (Addison-Wesley, 2013).

Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. Dean is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

David Svoboda is a software security engineer at CERT/SEI. He also maintains the CERT Secure Coding standard websites for Java, as well as C, C++, and Perl. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). David is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012).

Chapter 1: Security
1. Do not store unencrypted sensitive information at client-side
2. Limit the lifetime of sensitive data
3. Provide sensitive mutable classes with unmodifiable wrappers
4. Ensure security sensitive methods are called with validated arguments
5. Prevent arbitrary file upload
6. Properly encode or escape output
7. Prevent code injection
8. Prevent XPath Injection
9. Prevent LDAP injection
10. Do not use the clone method to copy untrusted method parameters
11. Do not use Object.equals() to compare cryptographic keys
12. Do not use insecure or weak cryptographic algorithms
13. Store passwords using a hash function
14. Ensure SecureRandom is properly seeded
15. Do not rely on overridden methods provided by untrusted code
16. Avoid granting excess privileges
17. Minimize privileged code
18. Do not expose methods that use reduced security checks to untrusted code
19. Define custom security permissions for fine-grained security
20. Create a secure sandbox using a security manager
21. Do not let untrusted code misuse privileges of callback methods

Chapter 2: Defensive Programming
22. Minimize the scope of variables
23. Minimize the scope of the @SuppressWarnings annotation
24. Minimize the accessibility of classes and their members
25. Document thread-safety and use annotations where applicable
26. Always provide feedback about the resulting value of a method
27. Identify files using multiple file attributes
28. Do not attach significance to the ordinal associated with an enum
29. Be aware of numeric promotion behavior
30. Enable compile-time type checking of variable arity parameter types
31. Do not apply public final to constants whose value might change in later releases
32. Avoid cyclic dependencies between packages
33. Prefer user-defined exceptions over more general exception types
34. Try to gracefully recover from system errors
35. Carefully design interfaces before releasing them
36. Write garbage-collection-friendly code

Chapter 3: Reliability
37. Do not shadow or obscure identifiers in subscopes
38. Do not declare more than one variable per declaration
39. Use meaningful symbolic constants to represent literal values in program logic
40. Properly encode relationships in constant definitions
41. For methods that return an array or collection, prefer returning an empty array or collection over a null value
42. Use exceptions only for exceptional conditions
43. Use a try-with-resources statement to safely handle closeable resources
44. Do not use assertions to verify the absence of runtime errors
45. Use the same type for the second and third operands in conditional expressions
46. Do not serialize direct handles to system resources
47. Prefer using iterators over enumerations
48. Do not use direct buffers for short-lived, infrequently used objects
49. Remove short-lived objects from long-lived container objects

Chapter 4: Program Understandability
50. Be careful using visually misleading identifiers and literals
51. Avoid ambiguous overloading of variable arity methods
52. Avoid in-band error indicators
53. Do not perform assignments in conditional expressions
54. Use braces for the body of an if, for, or while statement
55. Do not place a semicolon immediately following an if, for, or while condition
56. Finish every set of statements associated with a case label with a break statement
57. Use numerical comparison operators to terminate loops whose counter changes by more than one
58. Use parentheses for precedence of operation
59. Do not make assumptions about file creation
60. Convert integers to floating-point for floating-point operations
61. Ensure that the clone method calls super.clone
62. Use comments consistently and in a readable fashion
63. Detect and remove superfluous code and values
64. Strive for logical completeness

Chapter 5: Programmer Misconceptions
65. Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object
66. Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics
67. Do not assume that the remainder operator always returns a nonnegative result for integral operands
68. Do not confuse abstract object equality with reference equality
69. Understand the differences between bitwise and logical operators
70. Understand how escape characters are interpreted when strings are loaded
71. Avoid ambiguous or confusing uses of overloading
72. Do not use overloaded methods to differentiate between runtime types
73. Never confuse the immutability of a reference with that of the referenced object
74. Use the serialization methods writeUnshared() and readUnshared() with care
75. Do not attempt to help the garbage collector by setting local reference variables to null

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.