The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

Articles Forum
Traits of a Security-Conscious Developer

1 reply on 1 page. Most recent reply: May 29, 2007 9:00 PM by Joao Pedrosa

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 1 reply on 1 page
Frank Sommers

Posts: 2642
Nickname: fsommers
Registered: Jan, 2002

Traits of a Security-Conscious Developer Posted: May 29, 2007 7:30 PM
Reply to this message Reply
Advertisement
In this installment of JavaOne 2007 interviews, Fortify Software's Barmak Meftah and FindBugs creator Bill Pugh talk about what makes a security-conscious developer, and what developers can do to write more secure code:

http://www.artima.com/lejava/articles/javaone_2007_barmak_meftah.html

What have you found to be the single most important step to follow to ensure that you're writing secure code?


Joao Pedrosa

Posts: 114
Nickname: dewd
Registered: Dec, 2005

Re: Traits of a Security-Conscious Developer Posted: May 29, 2007 9:00 PM
Reply to this message Reply
Just try to keep the redundancies low by adopting conventions and façades to avoid extra complexity which might both hide security problems and make it harder to keep track of problematic code to easily fix it when necessary. The conventions and façades need to tackle the security concerns as much as possible, of course. :-)

Also, beware of exposing services on the Internet, even if they are meant to be accessed from your proprietary and difficult to reverse-engineer clients. As much as possible, you can trust only in your server-side code. Unfortunately, thin-clients may help reduce the exposed APIs of your server/client code, despite being poorer than "rich-clients".

Finally, once you use code from third parties, you may not be able to control the quality/security of it anymore. Think PHP libraries for instance. So it's up to you to balance your needs.

Flat View: This topic has 1 reply on 1 page
Topic: Concurrency as an Externalized Aspect Previous Topic   Next Topic Topic: Jacob Lehrbaum Explains JavaFX Mobile
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use