Secure Coding mailing list archives
working on java security help from experts
From: chrisisbeef at gmail.com (Chris Schmidt)
Date: Sun, 4 Apr 2010 18:21:31 -0600
Also be sure to check on http://www.owasp.org as there is a *ton* of great information on the site. Here are some good starting points:

http://www.owasp.org/index.php/Category:OWASP_Java_Project
http://www.owasp.org/index.php/Category:Java

And also some good information on doing code review in general:

http://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents

On Thu, Apr 1, 2010 at 2:29 PM, Romain Gaucher <rgaucher at cigital.com> wrote:
CERT also has many rules for Java (good and bad examples) as part of their secure coding practices. You can find that here:

https://www.securecoding.cert.org/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java

Romain
- Security consultant, Cigital

________________________________________
From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Martin, Robert A. [ramartin at mitre.org]
Sent: Thursday, April 01, 2010 2:49 PM
To: Matt Parsons
Cc: SC-L at securecoding.org
Subject: Re: [SC-L] working on java security help from experts

The Common Weakness Enumeration (CWE) has a "view" of issues that can occur in Java applications. See:

http://cwe.mitre.org/data/slices/660.html

for a listing of all the details or:

http://cwe.mitre.org/data/lists/660.html

for a list of the items where the names are hyper-links to the content about them. The entries include description, code examples, real world CVE examples of the issue in many cases, references and in most cases pointers to the attack patterns effective against the issue.

Bob

Matt Parsons wrote:

I am trying to become an expert in source code review in java application security. Are there any experts on this list that are willing to share some of their knowledge? I am reading Java Security by Scott Oaks and I am rereading all of the Sun Docs on java security.
Any help would be greatly appreciated.

Thanks,
Matt

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
--
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html