Video description
6+ Hours of Video Instruction
Overview
Java Professional Development LiveLessons provides developers with practical guidance for developing Java programs that are robust and secure. These LiveLessons complement The CERT Oracle Secure Coding Standard for Java.
Description
In this video training, Robert provides complementary coverage to the rules in The CERT Oracle Secure Coding Standard for Java, demonstrating common Java programming errors and their consequences using Java 8 and Eclipse. Robert describes language behaviors left to the discretion of JVM and compiler implementers and guides developers in the proper use of Java’s APIs including lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.
About the Instructor
Robert C. Seacord is the secure coding technical manager in the CERT Division of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the Institute for Software Research and the Information Networking Institute at Carnegie Mellon University. He is the author of eight books on software development including The CERT® Oracle® Secure Coding Standard for Java™ (Addison-Wesley, 2012) and Java™ Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2013). He has also published more than sixty papers on software security, component-based software engineering, web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development.
Skill Level
- Advanced
What You Will Learn
- How to perform common Java language programming tasks correctly.
- How to avoid programming errors that are not detected or reported by the compiler.
- How to develop programs that are robust, reliable, secure, and fast.
Who Should Take This Course
- Java developers who wish to make the transition from a skilled amateur to a software professional capable of developing code that has to work.
Course Requirements
- Understanding of programming and development
- Experience with Java programming
- Familiarity with Eclipse
Table of Contents
Part I (of III)
Introduction
Lesson 1: Java Security Concepts
Lesson 2: Input Validation and Data Sanitization (IDS)
Lesson 3: Declarations and Initialization (DCL)
Lesson 4: Expressions (EXP)
Lesson 5: Numeric Types and Operations (NUM)
Lesson 6: Characters and Strings (STR)
Summary
Part II (of III)
Introduction
Lesson 1: Object Orientation (OBJ)
Lesson 2: Methods (MET)
Lesson 3: Exceptional Behavior (ERR)
Lesson 4: Input Output (FIO)
Lesson 5: Serialization (SER)
Lesson 6: Platform Security (SEC)
Lesson 7: Runtime Environment (ENV)
Summary
Part III (of III)
Introduction
Lesson 1: Visibility and Atomicity (VNA)
Lesson 2: Locking (LCK)
Lesson 3: Thread APIs (THI)
Lesson 4: Thread Pools (TPS)
Lesson 5: Thread-Safety Miscellaneous (TSM)
Lesson 6: Miscellaneous (MSC)
Summary
About LiveLessons Video Training
The LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more. View all LiveLessons on InformIT at: http://www.informit.com/livelessons.
Table of contents
- Introduction
- Lesson 1: Java Security Concepts
- Injection attacks 00:15:46
- Leaking sensitive data 00:05:04
- Denial-of-service attacks 00:08:02
- Lesson 2: Input Validation and Data Sanitization (IDS)
- IDS00-J. Prevent SQL Injection 00:08:54
- IDS01-J. Normalize strings before validating them 00:05:05
- IDS03-J. Do not log unsanitized user input 00:03:32
- IDS04-J. Safely extract files from ZipInputStream 00:05:10
- IDS06-J. Exclude unsanitized user input from format strings 00:05:47
- IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method 00:03:33
- IDS08-J. Sanitize untrusted data passed to a regex 00:04:21
- IDS11-J. Perform any string modifications before validation 00:07:12
- IDS16-J. Prevent XML Injection 00:09:34
- IDS17-J. Prevent XML External Entity Attacks 00:06:19
- Lesson 3: Declarations and Initialization (DCL)
- Lesson 4: Expressions (EXP)
- EXP00-J. Do not ignore values returned by methods 00:02:16
- EXP01-J. Never dereference null pointers 00:05:13
- EXP02-J. Do not use the Object.equals() method to compare two arrays 00:03:27
- EXP03-J. Do not use the equality operators when comparing values of boxed primitives 00:07:44
- EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type 00:04:38
- EXP06-J. Expressions used in assertions must not produce side effects 00:01:35
- Lesson 5: Numeric Types and Operations (NUM)
- NUM00-J. Detect or prevent integer overflow 00:06:03
- NUM01-J. Do not perform bitwise and arithmetic operations on the same data 00:03:43
- NUM02-J. Ensure that division and modulo operations do not result in divide-by-zero errors 00:00:54
- NUM03-J. Use integer types that can fully represent the possible range of unsigned data 00:02:58
- NUM04-J. Do not use floating-point numbers if precise computation is required 00:02:26
- NUM05-J. Do not use denormalized numbers 00:03:09
- NUM07-J. Do not attempt comparisons with NaN 00:01:27
- NUM08-J. Check floating-point inputs for exceptional values 00:03:32
- NUM09-J. Do not use floating-point variables as loop counters 00:02:02
- NUM10-J. Do not construct BigDecimal objects from floating-point literals 00:01:08
- NUM11-J. Do not compare or inspect the string representation of floating-point values 00:01:53
- NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data 00:05:01
- NUM13-J. Avoid loss of precision when converting primitive integers to floating-point 00:02:57
- Lesson 6: Characters and Strings (STR)
- STR00-J. Don't form strings containing partial characters from variable-width encodings 00:13:32
- STR01-J. Do not assume that a Java char fully represents a Unicode code point 00:10:15
- STR02-J. Specify an appropriate locale when comparing locale-dependent data 00:03:44
- STR03-J. Do not encode non-character data as a string 00:04:22
- STR04-J. Use compatible character encodings when communicating string data between JVMs 00:02:06
Product information
- Title: Secure Coding Rules for Java, Part I
- Author(s): Robert C. Seacord
- Release date: October 2015
- Publisher(s): Addison-Wesley Professional
- ISBN: 0134031520