Video description
6+ Hours of Video Instruction
Overview
Java Professional Development LiveLessons provides developers with practical guidance for developing Java programs that are robust and secure. These LiveLessons complement The CERT Oracle Secure Coding Standard for Java.
Description
In this video training, Robert provides complementary coverage to the rules in The CERT Oracle Secure Coding Standard for Java, demonstrating common Java programming errors and their consequences using Java 8 and Eclipse. Robert describes language behaviors left to the discretion of JVM and compiler implementers and guides developers in the proper use of Java’s APIs including lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.
About the Instructor
Robert C. Seacord is the secure coding technical manager in the CERT Division of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the Institute for Software Research and the Information Networking Institute at Carnegie Mellon University. He is the author of eight books on software development including The CERT® Oracle® Secure Coding Standard for Java™ (Addison- Wesley, 2012) and Java™ Coding Guidelines 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2013). He has also published more than sixty papers on software security, component-based software engineering, web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development.
Skill Level
- Advanced
What You Will Learn
- How to perform common Java language programming tasks correctly.
- How to avoid programming errors that are not detected or reported by the compiler.
- How to develop programs that are robust, reliable, secure, and fast.
Who Should Take This Course
- Java developers who wish to make the transition from a skilled amateur to a software professional capable of developing code that has to work.
Course Requirements
- Understanding of programming and development
- Experience with Java programming
- Familiarity with Eclipse
Table of Contents
Part I (of III)
Introduction
Lesson 1: Java Security Concepts
Lesson 2: Input Validation and Data Sanitization (IDS)
Lesson 3: Declarations and Initialization (DCL):
Lesson 4: Expressions (EXP)
Lesson 5: Numeric Types and Operations (NUM)
Lesson 6: Characters and Strings (STR)
Summary
Part II (of III)
Introduction
Lesson 1: Object Orientation (OBJ)
Lesson 2: Methods (MET)
Lesson 3: Exceptional Behavior (ERR)
Lesson 4: Input Output (FIO)
Lesson 5: Serialization (SER)
Lesson 6: Platform Security (SEC)
Lesson 7: Runtime Environment (ENV)
Summary
Part III (of III)
Introduction
Lesson 1: Visibility and Atomicity (VNA) 301
Lesson 2: Locking (LCK)
Lesson 3: Thread APIs (THI)
Lesson 4: Thread Pools (TPS)
Lesson 5: Thread-Safety Miscellaneous (TSM))
Lesson 6: Miscellaneous (MSC)
Summary
About LiveLessons Video Training
The LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more. View all LiveLessons on InformIT at: http://www.informit.com/livelessons.
Table of contents
- Introduction
- Lesson 1: Java Security Concepts
-
Lesson 2: Input Validation and Data Sanitization (IDS)
- IDS00-J. Prevent SQL Injection
- IDS01-J. Normalize strings before validating them
- IDS03-J. Do not log unsanitized user input
- IDS04-J. Safely extract files from ZipInputStream
- IDS06-J. Exclude unsanitized user input from format strings
- IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method
- IDS08-J. Sanitize untrusted data passed to a regex
- IDS11-J. Perform any string modifications before validation
- IDS16-J. Prevent XML Injection
- IDS17-J. Prevent XML External Entity Attacks
- Lesson 3: Declarations and Initialization (DCL):
-
Lesson 4: Expressions (EXP)
- EXP00-J. Do not ignore values returned by methods
- EXP01-J. Never dereference null pointers
- EXP02-J. Do not use the Object.equals () method to compare two arrays
- EXP03-J. Do not use the equality operators when comparing values of boxed primitives
- EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type
- EXP06-J. Expressions used in assertions must not produce side effects
-
Lesson 5: Numeric Types and Operations (NUM)
- NUM00-J. Detect or prevent integer overflow
- NUM01-J. Do not perform bitwise and arithmetic operations on the same data
- NUM02-J. Ensure that division and modulo operations do not result in divide-by-zero errors
- NUM03-J. Use integer types that can fully represent the possible range of unsigned data
- NUM04-J. Do not use floating-point numbers if precise computation is required
- NUM05-J. Do not use denormalized numbers
- NUM07-J. Do not attempt comparisons with NaN
- NUM08-J. Check floating-point inputs for exceptional values
- NUM09-J. Do not use floating-point variables as loop counters
- NUM10-J. Do not construct BigDecimal objects from floating-point literals
- NUM11-J. Do not compare or inspect the string representation of floating-point values
- NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
- NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
-
Lesson 6: Characters and Strings (STR)
- STR00-J. Don't form strings containing partial characters from variable-width encodings
- STR01-J. Do not assume that a Java char fully represents a Unicode code point
- STR02-J. Specify an appropriate locale when comparing locale-dependent data
- STR03-J. Do not encode non-character data as a string
- STR04-J. Use compatible character encodings when communicating string data between JVMs
Product information
- Title: Secure Coding Rules for Java, Part I
- Author(s):
- Release date: October 2015
- Publisher(s): Pearson
- ISBN: 0134031520
You might also like
book
Java Coding Problems
Develop your coding skills by exploring Java concepts and techniques such as Strings, Objects and Types, …
video
Secure Programming with Java
Secure design is essential to building and deploying secure Java programs. But, even the best of …
book
97 Things Every Java Programmer Should Know
If you want to push your Java skills to the next level, this book provides expert …
video
Learn How to Code: The Complete Core Java Programming Course
More than enough concepts are covered for professionals learning Java for Selenium About This Video Learn …