Welcome!

AJAX & REA Authors: Gary Kaiser, RealWire News Distribution, Pat Romanski, Kevin Benedict, Denise Dubie

Related Topics: Java, XML, SOA & WOA, .NET, Eclipse, AJAX & REA

Java: Book Review

Book Review: Java Coding Guidelines

Part of the SEI Series in Software Engineering

Although this book is written for the Java programmer, I would recommend reading it to any .NET or iOS developer as well. It is a must read for the Java developer, but is also a valuable read for developers of other languages because the guidelines are often built around a programmer's intent.

No matter what language you use most, many of the intentions that are targeted by the guidelines are the same. Do I wish there was a C# and Objective-C version of this book? Heck Yeah!!! But, one of the things that helped get to a deeper understanding of the guidelines was thinking about where and how they apply to C# and Objective-C. There is Secure Coding in C and C++ (Second Edition) and The CERT C Secure Coding Standard which are both great too.

The guidelines are broken down by chapter. The book also has an appendix that lists all 75 guidelines and whether or not the guideline is applicable to Android development. I have listed the chapters below. I have also included an overview of what the guidelines in the chapters are targeting as described in the introduction to the chapters.

Chapter 1. Security
1. Dealing with sensitive data
2. Avoiding common injection attacks
3. Language features that can be misused to compromise security
4. Details of Java’s fine-grained security mechanism

Chapter 2. Defensive Programming
The guidelines in this chapter address areas of the Java language that can help to constrain the effect of an error or help to recover from an error. A good overall principle for defensive programming is simplicity. If a construct turns out to be complicated to implement, consider redesigning or refactoring it to reduce the complexity.

Chapter 3. Reliability
1. Guidelines that help reduce errors, and are consequently important for developing reliable Java code.
2. Guidelines that contain specific Java coding recommendations to improve software reliability

Chapter 4. Program Understandability
Program understandability is the ease with which the program can be understood—that is, the ability to determine what a program does and how it works by reading its source code and accompanying documentation. Some guidelines in this chapter are stylistic in nature; they will help a Java programmer to write clearer, more readable code. Failure to follow these guidelines could result in obscure code and design defects.

Chapter 5. Programmer Misconceptions
1. Misconceptions about Java APIs and language features
2. Assumptions and ambiguity-laced programs
3. Situations in which the programmer wanted to do one thing but ended up doing another

Appendix A: Android
This appendix describes the applicability of the guidelines in this book to developing Java apps for the Android platform.

I really liked the way the chapter on defensive programming brought the goal of simplicity to the forefront. One of the hardest things to do is maintain simplicity when coding. Often times getting through very complex situations ends with a lot of the code being in a state where it can be refactored into much cleaner code.

I find one of the biggest mistakes programmers make is saying they will come back to it later and clean it up. They honestly have the best intention of doing that and sometimes even come back to do that. When they do they realize that the big ball of mud they made just getting the problem resolved will take too much time to relearn. What they had done two weeks prior gets left alone with the thought, it isn't broke, so I'll just leave it. Cleaning it up while it is fresh in your head is what needs to become a habit, otherwise never cleaning up will become your habit.

One of the really nice features of the book is that the author's include references to the rules that apply from The CERT Oracle Secure Coding Standard for Java. All of the rules are available on line- just google "CERT Oracle Secure Coding Standard for Java". Once there you just plug the code used in the book into the search and you're taken to the rule. The rule has more information and more code samples.

They also include references back to the online The Java Virtual Machine Specification- Java SE 7 Edition. Having these references really helps you get any additional information to help you fully understand the topic at hand.

Another thing I really like is that they show tons of noncompliant code examples and compliant solutions. It really helps to have the examples along with the explanations.

In the beginning of the book the authors say "While primarily designed for building reliable and secure systems, these guidelines are also useful for achieving other quality attributes such as safety, dependability, robustness, availability, and maintainability." I must agree and say that they have really provided a treasure chest of wisdom in this book. Following the guidelines in this book will go a long way in helping you achieve the quality attributes listed above in your architecture.

All in all I highly recommend this book to all Java developers. It is a must read for you. I also recommend to developers of other languages that want to gain new insight into guidelines that they can apply in their language of choice.

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)

More Stories By Tad Anderson

Tad Anderson has been doing Software Architecture for 18 years and Enterprise Architecture for the past few.

Cloud Expo Breaking News
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver data in a meaningful way, one that really delivers on what end-users need to maintain a competitive position in fast-changing markets.
SYS-CON Events announced today that Gigaom Research has been named "Media Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Ashar Baig, Research Director, Cloud, at Gigaom Research, will also lead a Power Panel on the topic "Choosing the Right Cloud Option." Gigaom Research provides timely, in-depth analysis of emerging technologies for individual and corporate subscribers. Gigaom Research's network of 200+ independent analysts provides new content daily that bridges the gap between breaking news and long-range research.
"We are automated capacity control software, which basically looks at all the supply and demand and running a virtual cloud environment and does a deep analysis of that and says where should things go," explained Andrew Hillier, Co-founder & CTO of CiRBA, in this SYS-CON.tv interview at the 14th International Cloud Expo®, held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity. In his session at Internet of @ThingsExpo, Mac Devine, Distinguished Engineer at IBM, will discuss bringing these three elements together via Systems of Discover.
"In my session I spoke about enterprise cloud analytics and how we can leverage analytics as a service," explained Ajay Budhraja, CTO at the Department of Justice, in this SYS-CON.tv interview at the 14th International Cloud Expo®, held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.
“We are starting to see people move beyond the commodity cloud and enterprises need to start focusing on additional value added services in order to really drive their adoption," explained Jason Mondanaro, Director of Product Management at MetraTech, in this SYS-CON.tv interview at the 14th International Cloud Expo®, held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at 15th Internet of @ThingsExpo, Chad Jones, Vice President, Product Strategy of LogMeIn's Xively IoT Platform, will show you how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
All too many discussions about DevOps conclude that the solution is an all-purpose player: developer and operations guru, complete with pager for round-the-clock duty. For most organizations that is not the way forward. In his session at DevOps Summit, Bernard Golden, Vice President of Strategy at ActiveState, will discuss how to achieve the agility and speed of end-to-end automation without requiring an organization stocked with Supermen and Superwomen.
“The Internet of Things is a wave that has arrived and it’s growing really fast. The concern at Aria Systems is making sure that people understand the ramifications of their attempts to monetize whatever it is they build on the Internet of Things," explained C Brendan O’Brien, Co-founder and Chief Architect at Aria Systems, in this SYS-CON.tv interview at the Internet of @ThingsExpo, held June 10-12, 2014, at the Javits Center in New York City. Internet of @ThingsExpo 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world.
“About two years ago Brother launched a new group called Brother Online. We thought it was a good idea for a hardware company to get into the cloud services market and our first step into that market was web conferencing,” explained Courtney Behrens, Senior Marketing Manager at Brother International, in this SYS-CON.tv interview at the 14th International Cloud Expo®, held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.
"So many teams have been stuck in their own practices for the last ten years and it's really hard to sell all the latest and greatest tools, but the reality is all the tools around operations have evolved so much you are starting to see a big shift toward upgrading that tool set, focusing more on automation, more on cloud," explained Dustin Whittle, Developer Evangelist at AppDynamics, in this SYS-CON.tv interview at the DevOps Summit, held June 10-12, 2014, at the Javits Center in New York City.
“We provide disaster recovery services as well as solutions. We also provide back-up solutions that work across your internal on-premise assets as well as in the public and private cloud," stated Joel Ferman, Vice President of Marketing at InMage Systems, in this SYS-CON.tv interview at the 14th International Cloud Expo® (http://www.CloudComputingExpo.com/), held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.
SYS-CON Events announced today that Harbinger Systems will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Harbinger Systems is a global company providing software technology services. Since 1990, Harbinger has developed a strong customer base worldwide. Its customers include software product companies ranging from hi-tech start-ups in Silicon Valley to leading product companies in the US and large in-house IT organizations.
“Distrix fits into the overall cloud and IoT model around software-defined networking. There’s a broad category around software-defined networking that’s focused on data center, and we focus on the WAN,” explained Jay Friedman, President of Distrix, in this SYS-CON.tv interview at the Internet of @ThingsExpo, held June 10-12, 2014, at the Javits Center in New York City. Internet of @ThingsExpo 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world.
“Dell Cloud Manager is a cloud management environment for the consumption of cloud resources and we provide a consistent interface, both in terms of API and in terms of user interface for doing a wide variety of activities core to deploying and operating software in cloud," explained James Urquhart, Technologist & Director of Cloud Management Solutions at Dell, in this SYS-CON.tv interview at the 14th International Cloud Expo®, held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.