Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)

Fred Long , Dhruv Mohindra , Robert C. Seacord , Dean F. Sutherland , David Svoboda
4.0 out of 5 stars (2 customer reviews)

Print List Price: £25.99
Kindle Price: £18.21 includes VAT* & free wireless delivery via Amazon Whispernet
You Save: £7.78 (30%)
* Unlike print books, digital books are subject to VAT.


Amazon Price: Kindle Edition £18.21; Paperback £19.17
Product Description


"This set of Java™ Coding Guidelines, a follow-on to the earlier The CERT® Oracle Secure Coding Standard for Java™, is invaluable. This book could almost be retitled Reliable Java™ Coding Guidelines. One of the things that has struck me over the years is the interplay between reliability and security. There are all sorts of explicit security tools—cryptography, authentication, and others—but most break-ins are exploitations of bugs: coding that was badly done or that was insufficiently defensive. Building a reliable system is, in many ways, equivalent to building a secure system. The work you do in reliability pays off in security, and vice versa.

"This book highlights the fact that security is not a feature; it is an attitude toward taking due care at every point. It should be a continuous part of every software engineer’s design thought process. It is organized around a list of guidelines. The meat of the book is the subtlety behind them. For example, “Store passwords using a hash function” appears to be a very basic and obvious point, and yet there are regular news articles about major data breaches just because some software engineer wasn’t thinking. Getting it right is tricky: there are a lot of details for the devil to hide in. This book is full of excellent guidance for dealing with those details."
—James A. Gosling

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”

–Mary Ann Davidson, Chief Security Officer, Oracle Corporation  

Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands.

Written by the same team that brought you The CERT® Oracle® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.

You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.

Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.

With a Foreword by James A. Gosling, Father of the Java Programming Language

Product details

  • Format: Kindle Edition
  • File Size: 16295 KB
  • Print Length: 304 pages
  • Simultaneous Device Usage: Up to 5 simultaneous devices, per publisher limits
  • Publisher: Addison-Wesley Professional; 1 edition (23 Aug 2013)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B00EQ8D31A
  • Text-to-Speech: Enabled
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: #168,828 Paid in Kindle Store (See Top 100 Paid in Kindle Store)

Customer Reviews

Most Helpful Customer Reviews
4.0 out of 5 stars: Good book to have on the desk (9 Jun 2014)
Format: Paperback | Verified Purchase
If you are programming systems in Java then (hopefully) you should be thinking about security first. This is a great little book which is to the point and well explained.
4.0 out of 5 stars: A must read for all Java developers (13 Mar 2014)
Format: Kindle Edition | Verified Purchase
Secure coding is often a sadly neglected area in software development - after all you can't ship a product that doesn't work but you can ship one that is insecure.

Well, this is a book that can allow any Java developer to start to understand some of the pitfalls and help to make their code more secure. It's split into five broad chapters covering categories of guidelines, defensive programming and reliability for example, and then lists a number of guidelines to follow. These take the same format of explaining the problem and then showing non-compliant and compliant code fragments.

This is an excellent way to gain understanding as it's in language that developers can understand and it also explains why the guideline should be followed. Why do I think this is important? Firstly, it's easy to relate to code fragments, and just as importantly, explaining the reasoning allows a developer to apply this to other situations and not just blindly follow a standard.

Overall this is highly recommended: even though many developers will find some of the guidelines obvious, there's nothing wrong with reminders to do what we know we should do, and there is also a wealth of new information.
Most Helpful Customer Reviews on (beta): 4.6 out of 5 stars, 7 reviews
4 of 4 people found the following review helpful
5.0 out of 5 stars: Required reading for every Java programmer (8 Oct 2013)
By Ben Rothke - Published on
Last month, noted reporter Dan Goodin wrote in Security of Java takes a dangerous turn for the worse that people need to beware of increasingly advanced Java exploits. He noted that Java, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits.

While Java insecurity may seem inevitable, it does not have to be, thanks to a great new book out. Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs is a follow-up to The CERT Oracle Secure Coding Standard for Java.

It is hard to find a company today that does not have at least a few developers coding in Java. Many large enterprises have scores of Java developers. While Java has robust security controls, they are only as robust as they are correctly implemented.
The book has 75 guidelines for writing secure Java code. Each guideline includes detailed requirements for compliance and examples of non-compliant code to avoid.

While some of the guidelines are obvious, such as not storing unencrypted sensitive information on the client side and storing passwords using a hash function, many of them are new to the uninitiated Java programmer, which is why this book is greatly needed.

This book should be in the hands of anyone that codes in Java. If a developer is not trained to write secure code, it's inevitable that their code will be insecure.

James Gosling, the creator of Java, writes in the foreword that Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs highlights the fact that information security is not a feature; rather it's an attitude toward taking due care at every point. Gosling found that the book is full of excellent guidance for dealing with those details. Take his word for it and get a copy.
4 of 4 people found the following review helpful
5.0 out of 5 stars: A must read for Java developers... and a great read for other developers!! (7 Oct 2013)
By T. Anderson - Published on
Although this book is written for the Java programmer, I would recommend reading it to any .NET or iOS developer as well. It is a must read for the Java developer, but is also a valuable read for developers of other languages because the guidelines are often built around a programmer's intent.

No matter what language you use most, many of the intentions that are targeted by the guidelines are the same. Do I wish there was a C# and Objective-C version of this book? Heck yeah!!! But one of the things that helped me get to a deeper understanding of the guidelines was thinking about where and how they apply to C# and Objective-C. There are Secure Coding in C and C++ (Second Edition) and The CERT C Secure Coding Standard, which are both great too.

The guidelines are broken down by chapter. The book also has an appendix that lists all 75 guidelines and whether or not the guideline is applicable to Android development. I have listed the chapters below. I have also included an overview of what the guidelines in the chapters are targeting as described in the introduction to the chapters.

Chapter 1. Security
1. Dealing with sensitive data
2. Avoiding common injection attacks
3. Language features that can be misused to compromise security
4. Details of Java's fine-grained security mechanism

Chapter 2. Defensive Programming
The guidelines in this chapter address areas of the Java language that can help to constrain the effect of an error or help to recover from an error. A good overall principle for defensive programming is simplicity. If a construct turns out to be complicated to implement, consider redesigning or refactoring it to reduce the complexity.

Chapter 3. Reliability
1. Guidelines that help reduce errors, and are consequently important for developing reliable Java code.
2. Guidelines that contain specific Java coding recommendations to improve software reliability

Chapter 4. Program Understandability
Program understandability is the ease with which the program can be understood--that is, the ability to determine what a program does and how it works by reading its source code and accompanying documentation. Some guidelines in this chapter are stylistic in nature; they will help a Java programmer to write clearer, more readable code. Failure to follow these guidelines could result in obscure code and design defects.

Chapter 5. Programmer Misconceptions
1. Misconceptions about Java APIs and language features
2. Assumptions and ambiguity-laced programs
3. Situations in which the programmer wanted to do one thing but ended up doing another

Appendix A: Android
This appendix describes the applicability of the guidelines in this book to developing Java apps for the Android platform.

I really liked the way the chapter on defensive programming brought the goal of simplicity to the forefront. One of the hardest things to do is maintain simplicity when coding. Oftentimes getting through very complex situations ends with a lot of the code being in a state where it can be refactored into much cleaner code.

I find one of the biggest mistakes programmers make is saying they will come back to it later and clean it up. They honestly have the best intention of doing that and sometimes even come back to do that. When they do they realize that the big ball of mud they made just getting the problem resolved will take too much time to relearn. What they had done two weeks prior gets left alone with the thought, it isn't broke, so I'll just leave it. Cleaning it up while it is fresh in your head is what needs to become a habit, otherwise never cleaning up will become your habit.

One of the really nice features of the book is that the authors include references to the rules that apply from The CERT Oracle Secure Coding Standard for Java. All of the rules are available online: just google "CERT Oracle Secure Coding Standard for Java". Once there, you just plug the code used in the book into the search and you're taken to the rule. The rule has more information and more code samples.

They also include references back to the online Java Virtual Machine Specification, Java SE 7 Edition. Having these references really helps you get any additional information to help you fully understand the topic at hand.

Another thing I really like is that they show tons of noncompliant code examples and compliant solutions. It really helps to have the examples along with the explanations.

In the beginning of the book the authors say "While primarily designed for building reliable and secure systems, these guidelines are also useful for achieving other quality attributes such as safety, dependability, robustness, availability, and maintainability." I must agree and say that they have really provided a treasure chest of wisdom in this book. Following the guidelines in this book will go a long way in helping you achieve the quality attributes listed above in your architecture.

All in all I highly recommend this book to all Java developers. It is a must read for you. I also recommend to developers of other languages that want to gain new insight into guidelines that they can apply in their language of choice.
2 of 3 people found the following review helpful
4.0 out of 5 stars: 4.5 stars for being clear and to the point (20 Oct 2013)
By Jeanne Boyarsky - Published on
This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named "Java Coding Guidelines - 75 Recommendations for Reliable and Secure Programs." I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.

Many of the rules are new, including security ones such as XPath injection. The book itself is shorter, but I felt like they picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT-specific parts are gone, like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.

I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I read. Bold would have helped.

I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.

The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer "Java Coding Guidelines" to the first edition/CERT title. I wanted to give it 4.5 stars to reflect I rated it higher than the 4 stars I gave to the other.

Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
5.0 out of 5 stars: Very Useful for Java Developers (13 Mar 2014)
By Laughing Man - Published on
Format: Paperback | Verified Purchase
I used quite a few of these recommendations in my Java apps, and now they work great and are more secure. Anyone who is a Java developer or a software analyst should read this book.
4.0 out of 5 stars: Recommended reading (19 Dec 2013)
By Angel M. Cereijo - Published on
Format: Kindle Edition | Verified Purchase
The book is recommended reading for every Java programmer.
It's an easy and quick read for a low price.