I am trying to become an expert in source code review in java application
security. Are there any experts on this list that are willing to share some
of their knowledge? I am reading Java Security by Scott Oaks and I am
rereading all of the Sun Docs on java security. Any help would be greatly
Dear Matt,
If you want to get familiar with common Java specific security errors
enlisted by different vulnerability categories, the Fortify taxonomy might
give you a comprehensive overview:
http://www.fortify.com/vulncat/en/vulncat/index.html
Open Java/JSP in the tree on the left, and
I wrote a thesis on Java SE security. In addition to covering secure coding
practices, I also created a number of test cases and subjected them to a
suite of static analysis tools.
A ton has been said over the years. I tried to organize it all into a
taxonomy rooted in design principles. You
The Common Weakness Enumeration (CWE) has a view of issues that can
occur in Java applications.
See: http://cwe.mitre.org/data/slices/660.html for a listing of all the
details or: http://cwe.mitre.org/data/lists/660.html for a list of the
items where the names are hyper-links to the content
