|By Tad Anderson||
|October 11, 2013 08:00 AM EDT||
|Although this book is written for the Java programmer, I would recommend reading it to any .NET or iOS developer as well. It is a must read for the Java developer, but is also a valuable read for developers of other languages because the guidelines are often built around a programmer's intent.
No matter what language you use most, many of the intentions that are targeted by the guidelines are the same. Do I wish there was a C# and Objective-C version of this book? Heck Yeah!!! But, one of the things that helped get to a deeper understanding of the guidelines was thinking about where and how they apply to C# and Objective-C. There is Secure Coding in C and C++ (Second Edition) and The CERT C Secure Coding Standard which are both great too.
The guidelines are broken down by chapter. The book also has an appendix that lists all 75 guidelines and whether or not the guideline is applicable to Android development. I have listed the chapters below. I have also included an overview of what the guidelines in the chapters are targeting as described in the introduction to the chapters.
Chapter 1. Security
1. Dealing with sensitive data
2. Avoiding common injection attacks
3. Language features that can be misused to compromise security
4. Details of Java’s fine-grained security mechanism
Chapter 2. Defensive Programming
The guidelines in this chapter address areas of the Java language that can help to constrain the effect of an error or help to recover from an error. A good overall principle for defensive programming is simplicity. If a construct turns out to be complicated to implement, consider redesigning or refactoring it to reduce the complexity.
Chapter 3. Reliability
1. Guidelines that help reduce errors, and are consequently important for developing reliable Java code.
2. Guidelines that contain specific Java coding recommendations to improve software reliability
Chapter 4. Program Understandability
Program understandability is the ease with which the program can be understood—that is, the ability to determine what a program does and how it works by reading its source code and accompanying documentation. Some guidelines in this chapter are stylistic in nature; they will help a Java programmer to write clearer, more readable code. Failure to follow these guidelines could result in obscure code and design defects.
Chapter 5. Programmer Misconceptions
1. Misconceptions about Java APIs and language features
2. Assumptions and ambiguity-laced programs
3. Situations in which the programmer wanted to do one thing but ended up doing another
Appendix A: Android
This appendix describes the applicability of the guidelines in this book to developing Java apps for the Android platform.
I really liked the way the chapter on defensive programming brought the goal of simplicity to the forefront. One of the hardest things to do is maintain simplicity when coding. Often times getting through very complex situations ends with a lot of the code being in a state where it can be refactored into much cleaner code.
I find one of the biggest mistakes programmers make is saying they will come back to it later and clean it up. They honestly have the best intention of doing that and sometimes even come back to do that. When they do they realize that the big ball of mud they made just getting the problem resolved will take too much time to relearn. What they had done two weeks prior gets left alone with the thought, it isn't broke, so I'll just leave it. Cleaning it up while it is fresh in your head is what needs to become a habit, otherwise never cleaning up will become your habit.
One of the really nice features of the book is that the author's include references to the rules that apply from The CERT Oracle Secure Coding Standard for Java. All of the rules are available on line- just google "CERT Oracle Secure Coding Standard for Java". Once there you just plug the code used in the book into the search and you're taken to the rule. The rule has more information and more code samples.
They also include references back to the online The Java Virtual Machine Specification- Java SE 7 Edition. Having these references really helps you get any additional information to help you fully understand the topic at hand.
Another thing I really like is that they show tons of noncompliant code examples and compliant solutions. It really helps to have the examples along with the explanations.
In the beginning of the book the authors say "While primarily designed for building reliable and secure systems, these guidelines are also useful for achieving other quality attributes such as safety, dependability, robustness, availability, and maintainability." I must agree and say that they have really provided a treasure chest of wisdom in this book. Following the guidelines in this book will go a long way in helping you achieve the quality attributes listed above in your architecture.
All in all I highly recommend this book to all Java developers. It is a must read for you. I also recommend to developers of other languages that want to gain new insight into guidelines that they can apply in their language of choice.
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)
SYS-CON Events announced today that Addteq will exhibit at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Addteq is one of the top 10 Platinum Atlassian Experts who specialize in DevOps, custom and continuous integration, automation, plugin development, and consulting for midsize and global firms. Addteq firmly believes that automation is essential for successful software releases. Addteq centers its products an...
Feb. 25, 2017 07:45 PM EST Reads: 375
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Feb. 25, 2017 07:30 PM EST Reads: 1,797
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
Feb. 25, 2017 07:00 PM EST Reads: 1,670
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
Feb. 25, 2017 06:45 PM EST Reads: 1,932
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Feb. 25, 2017 06:30 PM EST Reads: 1,385
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Feb. 25, 2017 05:45 PM EST Reads: 2,216
Updating DevOps to the latest production data slows down your development cycle. Probably it is due to slow, inefficient conventional storage and associated copy data management practices. In his session at @DevOpsSummit at 20th Cloud Expo, Dhiraj Sehgal, in Product and Solution at Tintri, will talk about DevOps and cloud-focused storage to update hundreds of child VMs (different flavors) with updates from a master VM in minutes, saving hours or even days in each development cycle. He will also...
Feb. 25, 2017 05:15 PM EST Reads: 2,680
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...
Feb. 25, 2017 05:00 PM EST Reads: 2,917
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
Feb. 25, 2017 04:45 PM EST Reads: 1,736
Some people worry that OpenStack is more flash then substance; however, for many customers this could not be farther from the truth. No other technology equalizes the playing field between vendors while giving your internal teams better access than ever to infrastructure when they need it. In his session at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will talk through some real-world OpenStack deployments and look into the ways this can benefit customers of all sizes....
Feb. 25, 2017 04:30 PM EST Reads: 1,454
In his session at @ThingsExpo, Sudarshan Krishnamurthi, a Senior Manager, Business Strategy, at Cisco Systems, will discuss how IT and operational technology (OT) work together, as opposed to being in separate siloes as once was traditional. Attendees will learn how to fully leverage the power of IoT in their organization by bringing the two sides together and bridging the communication gap. He will also look at what good leadership must entail in order to accomplish this, and how IT managers ca...
Feb. 25, 2017 04:15 PM EST Reads: 1,816
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain.
Feb. 25, 2017 04:15 PM EST Reads: 1,774
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Feb. 25, 2017 03:30 PM EST Reads: 2,492
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
Feb. 25, 2017 03:30 PM EST Reads: 1,591
Building a cross-cloud operational model can be a daunting task. Per-cloud silos are not the answer, but neither is a fully generic abstraction plane that strips out capabilities unique to a particular provider. In his session at 20th Cloud Expo, Chris Wolf, VP & Chief Technology Officer, Global Field & Industry at VMware, will discuss how successful organizations approach cloud operations and management, with insights into where operations should be centralized and when it’s best to decentraliz...
Feb. 25, 2017 03:15 PM EST Reads: 2,005
TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets. By creating abundant, high-quality editorial content across more than 140 highly targeted technology-specific websites, TechTarget attracts and nurtures communities of technology buyers researching their companies' information technology needs. By understanding these buyers' content consumption behaviors, TechTarget creates the purchase inte...
Feb. 25, 2017 02:30 PM EST Reads: 1,749
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
Feb. 25, 2017 02:15 PM EST Reads: 1,737
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Feb. 25, 2017 02:15 PM EST Reads: 2,305
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
Feb. 25, 2017 02:00 PM EST Reads: 1,989
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
Feb. 25, 2017 02:00 PM EST Reads: 4,058