Interview and Book Review: The CERT Oracle Secure Coding Standard for JavaSrini Penchikala
. The CERT(R) Oracle(R) Secure Coding Standard for Java(t) provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard's guidelines will lead to higher-quality systems-robust systems that are more resistant to attack. ...
CERT Oracle Secure Coding Standard for Java, The Learn More Buy IDS10-J. Do not split characters between two data structures Legacy software frequently assumes that every character in a string occupies 8 bits (a Java byte). The Java language assumes that every character in a string occupies...
for which the vote was 4 (has time) to 12 (has no time). Some of the feedback we received afterwards was that although the CERT C Secure Coding Standard was a strong set of guidelines that had been developed with input from many of the technical experts at WG14 and had been reviewed...
import java.io.File; class DirList { public static void main(String[] args) throws Exception { File dir = new File(System.getProperty("dir")); if (!dir.isDirectory()) { System.out.println("Not a directory"); } else { for (String file : dir.list()) { System.out.println(file)...
Check inputs tojava.util.ZipInputStreamfor cases that cause consumption of excessive system resources. Denial of service can occur when resource usage is disproportionately large in comparison to the input data that causes the resource usage. The nature of the zip algorithm permits the existence of...