The CERT® Oracle® Secure Coding Standard for Java 在線電子書 圖書標籤: Java 編程 計算機科學 CERT 安全 Oracle 2011 軟件工程
發表於2024-11-25
The CERT® Oracle® Secure Coding Standard for Java 在線電子書 pdf 下載 txt下載 epub 下載 mobi 下載 2024
我閱讀天書的能力真是越來越強瞭orzzz(倒在血泊中。。。
評分我閱讀天書的能力真是越來越強瞭orzzz(倒在血泊中。。。
評分我閱讀天書的能力真是越來越強瞭orzzz(倒在血泊中。。。
評分我閱讀天書的能力真是越來越強瞭orzzz(倒在血泊中。。。
評分我閱讀天書的能力真是越來越強瞭orzzz(倒在血泊中。。。
Fred Long 英國Aberystwyth大學計算機科學係高級講師和教學主任。主要講授形式方法、Java、C++和C的編程模式以及與編程相關的安全問題的課程。他是英國計算機協會中威爾士分會的主席,自1992年以來在軟件工程研究所(SEI)擔任客座研究員。最近正在研究如何在Java中探查安全性漏洞。
Dhruv Mohindra 印度Persistent係統工程有限公司的高級軟件工程師。曾研發瞭廣泛應用於企業服務器的監控軟件。曾在SEI的CERT項目工作,並緻力於在編程社區中提高對安全問題的警覺性。曾任職於卡內基·梅隆大學,擁有信息安全策略與管理碩士學位和印度Pune大學計算機工程學士學位。
Robert C. Seacord 資深計算機安全專傢和作傢。在計算機安全、曆史係統改造以及基於組件的軟件工程等領域具有極深的造詣。目前管理卡內基·梅隆大學SEI的CERT在安全編碼領域的創新項目。擁有Rensselaer Polytechnic學院計算機科學學士學位。
Dean F. Sutherland CERT高級軟件安全工程師,編譯器後端技術專傢組高級專傢。擁有卡內基·梅隆大學博士學位。曾擔任職業軟件工程師,在Tartan公司工作超過14年。
David Svoboda CERT軟件安全工程師,資深Java開發工程師,在Java開發領域擁有13年的開發經驗。是卡內基·梅隆大學的一係列軟件開發項目的主要開發者,這些項目涉及從層級芯片建模到社會組織仿真再到自動機器學習等多個方麵。
"In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure(R) Coding(R) Standard for Java(t) is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff." -James A. Gosling, Father of the Java Programming Language An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer's familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes). The CERT(R) Oracle(R) Secure Coding Standard for Java(t) provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard's guidelines will lead to higher-quality systems-robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java-for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics. After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation. The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java's APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.
評分
評分
評分
評分
The CERT® Oracle® Secure Coding Standard for Java 在線電子書 pdf 下載 txt下載 epub 下載 mobi 下載 2024