Table of Contents

Chapter: Introduction

Secure Coding Rules for Java: Introduction

02m 10s

Chapter: Lesson 1: Java Security Concepts

Injection attacks

15m 46s

Leaking sensitive data

05m 4s

Denial-of-service attacks

08m 1s

Chapter: Lesson 2: Input Validation and Data Sanitization (IDS)

IDS00-J. Prevent SQL Injection

08m 54s

IDS01-J. Normalize strings before validating them

05m 4s

IDS03-J. Do not log unsanitized user input

03m 32s

IDS04-J. Safely extract files from ZipInputStream

05m 10s

IDS06-J. Exclude unsanitized user input from format strings

05m 47s

IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method

03m 32s

IDS08-J. Sanitize untrusted data passed to a regex

04m 20s

IDS11-J. Perform any string modifications before validation

07m 12s

IDS16-J. Prevent XML Injection

09m 34s

IDS17-J. Prevent XML External Entity Attacks

06m 19s

Chapter: Lesson 3: Declarations and Initialization (DCL)

DCL00-J. Prevent class initialization cycles

05m 10s

Chapter: Lesson 4: Expressions (EXP)

EXP00-J. Do not ignore values returned by methods

02m 15s

EXP01-J. Never dereference null pointers

05m 13s

EXP02-J. Do not use the Object.equals() method to compare two arrays

03m 27s

EXP03-J. Do not use the equality operators when comparing values of boxed primitives

07m 43s

EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type

04m 38s

EXP06-J. Expressions used in assertions must not produce side effects

01m 35s

Chapter: Lesson 5: Numeric Types and Operations (NUM)

NUM00-J. Detect or prevent integer overflow

06m 3s

NUM01-J. Do not perform bitwise and arithmetic operations on the same data

03m 43s

NUM02-J. Ensure that division and modulo operations do not result in divide-by-zero errors

00m 54s

NUM03-J. Use integer types that can fully represent the possible range of unsigned data

02m 58s

NUM04-J. Do not use floating-point numbers if precise computation is required

02m 26s

NUM05-J. Do not use denormalized numbers

03m 9s

NUM07-J. Do not attempt comparisons with NaN

01m 27s

NUM08-J. Check floating-point inputs for exceptional values

03m 32s

NUM09-J. Do not use floating-point variables as loop counters

02m 2s

NUM10-J. Do not construct BigDecimal objects from floating-point literals

01m 7s

NUM11-J. Do not compare or inspect the string representation of floating-point values

01m 53s

NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data

05m 1s

NUM13-J. Avoid loss of precision when converting primitive integers to floating-point

02m 57s

Chapter: Lesson 6: Characters and Strings (STR)

STR00-J. Don't form strings containing partial characters from variable-width encodings

13m 31s

STR01-J. Do not assume that a Java char fully represents a Unicode code point

10m 15s

STR02-J. Specify an appropriate locale when comparing locale-dependent data

03m 44s

STR03-J. Do not encode non-character data as a string

04m 22s

STR04-J. Use compatible character encodings when communicating string data between JVMs

02m 5s