[Oracle 2013c]
Java Platform Standard Edition 7 Documentation. Oracle (2013).
ht-
[Oracle 2013d]
Oracle Security Alert for CVE-2013-0422. Oracle (2013).
[OWASP 2009]
Session Fixation in Java. OWASP (2009).
https://www.owasp.org/in-
[OWASP 2011]
Cross-site Scripting (XSS). OWASP (2011).
www.owasp.org/index.php/
[OWASP 2012]
“Why Add Salt?” Hashing Java. OWASP (2012).
www.owasp.org/in-
[OWASP 2013]
OWASP Guide Project. The Open Web Application Security Project (OWASP) (2013).
www.owasp.org/index.php/OWASP_Guide_Project
[Paar 2010]
Paar, Christof, and Jan Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners. Heidelberg, NY: Springer (2010).
[Pistoia 2004]
Pistoia, Marco, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin. Enterprise Java™ Security: Building Secure J2EE™ Applications. Boston, MA: Addison-Wesley (2004).
[Policy 2010]
Default Policy Implementation and Policy File Syntax, Document revision 1.6. Oracle (2010).
http://docs.oracle.com/javase/1.4.2/docs/guide/security/Poli-
[SCG 2010]
Secure Coding Guidelines for the Java Programming Language, Version 4.0. Oracle (2010).
www.oracle.com/technetwork/java/seccodeguide-139067.html
[Seacord 2009]
Seacord, Robert C. The CERT® C Secure Coding Standard. Boston, MA: Addison-Wesley (2009).
[Seacord 2012]
Seacord, Robert C., Will Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch. Source Code Analysis Laboratory (SCALe) (CMU/SEI-2012-TN-013). Pittsburgh, PA: Carnegie Mellon University (2012).
[Seacord 2013]
Seacord, Robert C. Secure Coding in C and C++, Second Edition. Boston, MA: Addison-Wesley (2013). See www.cert.org/books/secure-coding for news and errata.
[SecuritySpec 2010]
Java Security Architecture. Oracle (2010).
http://docs.oracle.com/
[Sen 2007]
Sen, Robi. Avoid the Dangers of XPath Injection. IBM developerWorks