The CERT Oracle Secure Coding Standard for Java (Paperback)
Provisional Chinese title: CERT Oracle Java Secure Coding Standard (Paperback)
Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
- Publisher: Addison Wesley
- Publication date: 2011-09-08
- List price: $1,925
- Sale price: 20% off, $1,540
- Language: English
- Pages: 744
- Binding: Paperback
- ISBN: 0321803957
- ISBN-13: 9780321803955
Related categories:
Java programming language, Oracle
Product description
“In the Java world, security is not viewed as an add-on feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure® Coding® Standard for Java™ is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.”
—James A. Gosling, Father of the Java Programming Language
An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).
The CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.
After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation.
The standard provides secure coding rules for the Java SE 6 Platform, including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java’s APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy). The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.