CERT has also a many rules for Java (good and bad examples) as part of their secure coding practices. You can find that here: https://www.securecoding.cert.org/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java
Romain - Security consultant, Cigital ________________________________________ From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] On Behalf Of Martin, Robert A. [ramar...@mitre.org] Sent: Thursday, April 01, 2010 2:49 PM To: Matt Parsons Cc: SC-L@securecoding.org Subject: Re: [SC-L] working on java security help from experts The Common Weakness Enumeration (CWE) has a "view" of issues that can occur in Java applications. See: http://cwe.mitre.org/data/slices/660.html for a listing of all the details or: http://cwe.mitre.org/data/lists/660.html for a list of the items where the names are hyper-links to the content about them. The entries include description, code examples, real world CVE examples of the issue in many cases, references and in most cases pointers to the attack patterns effective against the issue. Bob Matt Parsons wrote: > I am trying to become an expert in source code review in java application > security. Are there any experts on this list that are willing to share some > of their knowledge? I am reading Java Security by Scott Oaks and I am > rereading all of the Sun Docs on java security. Any help would be greatly > appreciated. > > Thanks, > Matt > > Matt Parsons, MSM, CISSP > 315-559-3588 Blackberry > 817-294-3789 Home office > "Do Good and Fear No Man" > Fort Worth, Texas > A.K.A The Keyboard Cowboy > mailto:mparsons1...@gmail.com > http://www.parsonsisconsulting.com > http://www.o2-ounceopen.com/o2-power-users/ > http://www.linkedin.com/in/parsonsconsulting > http://parsonsisconsulting.blogspot.com/ > http://www.vimeo.com/8939668 > > [cid:image001.jpg@01CAD11E.CF635CA0] > > [cid:image002.jpg@01CAD11E.CF635CA0] > > > > > > > > > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
