10.4.7 Throw Early and Catch Late
This essentially means that the developer should throw an exception as soon as the error condition is detected and catch it late, waiting until all the information needed to handle it properly has been collected and is ready. This is probably the most important principle of exception handling.
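An added example (not the book's code) of the principle in Java: the data-access method validates its input and throws at the point of failure, uses a parameterized query, and leaves handling to the request layer, which has the context to log the details and return a generic message. The class, exception and table/column names are assumptions for this illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
// Added example (not the book's code): "throw early, catch late" around a
// parameterized lookup. UserDao, UserNotFoundException, the table and the
// column names are assumptions made for this illustration.
public class UserDao {
    private static final Logger LOG = Logger.getLogger(UserDao.class.getName());
    private final Connection conn;
    public UserDao(Connection conn) { this.conn = conn; }
    // Throw early: reject bad input at the boundary, before any work is done.
    public String findEmail(String username) throws SQLException {
        if (username == null || !username.matches("[A-Za-z0-9_]{1,32}")) {
            throw new IllegalArgumentException("invalid username format");
        }
        // Parameterized query: the value is bound, never concatenated into SQL.
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    throw new UserNotFoundException(username);
                }
                return rs.getString("email");
            }
        }
        // No catch here: this layer cannot decide what the user should see,
        // so SQLException propagates to the caller unchanged.
    }
    // Catch late: the request handler has the context to act (log details
    // server-side, return only a generic message to the client).
    public static String handleLookup(UserDao dao, String username) {
        try {
            return dao.findEmail(username);
        } catch (IllegalArgumentException | UserNotFoundException e) {
            LOG.log(Level.INFO, "lookup rejected: {0}", e.getMessage());
            return "No such user";
        } catch (SQLException e) {
            LOG.log(Level.SEVERE, "database error during lookup", e);
            return "Service temporarily unavailable";
        }
    }
    static class UserNotFoundException extends RuntimeException {
        UserNotFoundException(String u) { super("user not found: " + u); }
    }
}
```

The generic client-facing strings keep database and validation details out of the response, while the full exception (including the SQLException stack trace) goes only to the server log.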
10.5 Summary
We have delved into some of the secure coding practices that need to be followed to comprehensively develop a secure Web application. Secure coding practices need to supplement a robust access control mechanism, encryption system, and logging for a Web application to be truly secure. Most Web application attacks, like XSS and SQL injection, are the result of nonsecure coding practices. We explored the need to validate user input and encode Web application output. These practices prevent injection attacks, where attackers try to compromise the application through script injection or SQL injection. We also explored some of the Java packages, classes, and interfaces, like Regex, StringEscapeUtils, and URLEncode, which provide an effective measure of security against the said injection attacks. We also delved into secure database operations and the need to parameterize database queries with the aid of the PreparedStatement class in Java. Finally, we explored some concepts of error and exception handling and highlighted some best practices with respect to security.