In this session, the authors of The CERT Oracle Secure Coding Standard for Java describe how this standard can be used to secure your Java projects. They examine the dos and don’ts of several secure coding rules, focusing on rule violations that have resulted in real-world vulnerabilities in fielded systems. They also discuss how conformance to the coding standard can be enforced by static analysis and the Source Code Analysis Lab (SCALe).
David Svoboda is a Software Security Engineer at CERT/SEI. He co-authored _Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs_ and _The CERT Oracle Secure Coding Standard for Java_. He also maintains the CERT Secure Coding standard websites for Java, as well as C, C++, and Perl, and he has taught Secure Coding in C and C++ all over the world, to various groups in the military, government, and banking industries.
Robert C. Seacord is the Secure Coding Initiative Technical Manager in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania, and project manager for the Software Developer Certification project. Robert is also a professor in the School of Computer and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008) and coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), and The CERT Oracle Secure Coding Standard for Java (Addison-Wesley, 2011). He has also published more than 40 papers on software security, component-based software engineering, Web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert has been teaching Secure Coding in C and C++ to private industry, academia, and government since 2005. He started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He represents CMU at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.