I have published a (Turkish) article about secure coding guidelines for Java within OWASP-Turkey Documents. The article aims to help IT architects and developers understand the main security aspects during the design and development phases.
The guideline contains generic countermeasures (e.g. do not write repeated code) as well as Java-specific countermeasures (e.g. how to use the doPrivileged() method in a secure way). It is mainly grouped into the following sections:
- Design
- Confidentiality and Privacy
- Access Control
- Input Validation
- Serialization
The main references for the article are as follows:
- Secure Coding Guidelines for the Java Programming Language, http://java.sun.com/security/seccodeguide.html
- The CERT Oracle Secure Coding Standard for Java, https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java
The article is available in OWASP-Turkey Documents. You can download it in the Publications section as well.






