[SC-L] working on java security help from experts

Romain Gaucher rgaucher at cigital.com
Thu Apr 1 16:29:33 EDT 2010 

CERT has also a many rules for Java (good and bad examples) as part of their secure coding practices.
You can find that here:
  https://www.securecoding.cert.org/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java

Romain
 - Security consultant, Cigital

________________________________________
From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Martin, Robert A. [ramartin at mitre.org]
Sent: Thursday, April 01, 2010 2:49 PM
To: Matt Parsons
Cc: SC-L at securecoding.org
Subject: Re: [SC-L] working on java security help from experts

The Common Weakness Enumeration (CWE) has a "view" of issues that can
occur in Java applications.

See: http://cwe.mitre.org/data/slices/660.html for a listing of all the
details or: http://cwe.mitre.org/data/lists/660.html for a list of the
items where the names are hyper-links to the content about them.

The entries include description, code examples, real world CVE examples
of the issue in many cases, references and in most cases pointers to the
attack patterns effective against the issue.

Bob

Matt Parsons wrote:
> I am trying to become an expert in source code review in java application security.  Are there any experts on this list that are willing to share some of their knowledge?   I am reading Java Security by Scott Oaks and I am rereading all of the Sun Docs on java security.  Any help would be greatly appreciated.
>
> Thanks,
> Matt
>
> Matt Parsons, MSM, CISSP
> 315-559-3588 Blackberry
> 817-294-3789 Home office
> "Do Good and Fear No Man"
> Fort Worth, Texas
> A.K.A The Keyboard Cowboy
> mailto:mparsons1980 at gmail.com
> http://www.parsonsisconsulting.com
> http://www.o2-ounceopen.com/o2-power-users/
> http://www.linkedin.com/in/parsonsconsulting
> http://parsonsisconsulting.blogspot.com/
> http://www.vimeo.com/8939668
>
> [cid:image001.jpg at 01CAD11E.CF635CA0]
>
> [cid:image002.jpg at 01CAD11E.CF635CA0]
>
>
>
>
>
>
>
>
>
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

More information about the SC-L mailing list