Comment: Repair the link to Security Issues in Garbage Collection

\[Abadi 96\] Prudent Engineering Practice for Cryptographic Protocols, by Martin Abadi and Roger Needham, IEEE Transactions on Software Engineering Volume 22, Issue 1, Jan 1996 Page(s):6 - 15. (1996)

\[API 06\] [Java Platform, Standard Edition 6 API Specification|http://java.sun.com/javase/6/docs/api/], Sun Microsystems, Inc. (2006)

\[Austin 00\] [Advanced Programming for the Java 2 Platform|http://java.sun.com/developer/onlineTraining/Programming/JDCBook/index.html#contents], by Calvin Austin and Monica Pawlan, Addison Wesley Longman. (2000)

\[Bea 08\] [Packaging WebLogic Server J2EE Applications|http://edocs.bea.com/wls/docs61/programming/packaging.html] (2008)

\[Bloch 01\] Effective Java, Programming Language Guide, by Joshua Bloch. Addison Wesley. (2001)

\[Bloch 05\] Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, by Joshua Bloch and Neal Gafter. Pearson Education, Inc. (2005)

\[Bloch 05b\] [Yet More Programming Puzzlers|http://gceclub.sun.com.cn/java_one_online/2005/TS-3738/], by Joshua Bloch and Neal Gafter. JavaOne Conference. (2005)

\[Bloch 07\] [Effective Java™ Reloaded: This Time It's (not) for Real|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2689.pdf], by Joshua Bloch. JavaOne Conference. (2007)
\[Bloch 08\] Effective Java, 2nd edition, by Joshua Bloch, Addison Wesley. (2008)

\[Bloch 09\] [Return of the Puzzlers: Schlock and Awe|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-5186.pdf], by Joshua Bloch, Google Inc. and Neal Gafter, Microsoft Corporation. JavaOne Conference. (2009)

\[Boehm 05\] Finalization, Threads, and the Java™ Technology-Based Memory Model, by Hans-J. Boehm. JavaOne Conference. (2005)

\[Campione 96\] [The Java Tutorial, by Mary Campione and Kathy Walrath|http://www.telecom.ntua.gr/HTML.Tutorials/index.html] (1996)

\[CCITT 88\] CCITT. CCITT Blue Book, Recommendation X.509 and ISO 9594-8: The Directory-Authentication Framework. Geneva. (1988)

\[Chan 99\] The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, second edition, Volume 1, by Patrick Chan, Rosanna Lee, Douglas Kramer. Prentice Hall. (1999)

\[Chess 07\] Secure Programming with Static Analysis, by Brian Chess and Jacob West. Addison-Wesley Professional. (2007)

\[Christudas 05\] [Internals of Java Class Loading|http://www.onjava.com/pub/a/onjava/2005/01/26/classloading.html], ONJava. (2005)

\[Conventions 09\] [Code Conventions for the Java Programming Language|http://java.sun.com/docs/codeconv/]. Sun Microsystems, Inc. (2009)

\[CVE 08\] Common Vulnerability Exposure, MITRE Corporation. (2008)

\[Coomes 07\] [Garbage Collection-Friendly Programming|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2906.pdf] by John Coomes, Peter Kessler, Tony Printezis. Java SE Garbage Collection Group Sun Microsystems, Inc. JavaOne Conference. (2007)

\[Core Java 04\] Core Java™ 2 Volume I - Fundamentals, Seventh Edition by Cay S. Horstmann, Gary Cornell. Prentice Hall PTR. (2004)

\[Cunningham 95\] "The CHECKS Pattern Language of Information Integrity", Pattern Languages of Program Design, by Ward Cunningham, edited by James O Coplien and Douglas C Schmidt. Addison-Wesley. (1995)

\[Daconta 00\] [When Runtime.exec() won't|http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html], by Michael C. Daconta, JavaWorld.com. (2000)

\[Daconta 03\] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)

\[Unicode 08\] [Unicode Standard Annex #15, Unicode Normalization Forms|http://unicode.org/reports/tr15/], by Mark Davis and Martin Dürst. (2008)

\[Unicode 08b\] [Unicode Technical Report #36, Unicode Security Considerations|http://www.unicode.org/reports/tr36/], by Mark Davis and Michel Suignard. (2008)

\[Dormann 08\] [Signed Java Applet Security: Worse than ActiveX?|http://www.cert.org/blogs/vuls/2008/06/signed_java_security_worse_tha.html], by Will Dormann. CERT Vulnerability Analysis Blog. (2008)

\[Darwin 04\] Java Cookbook, by Ian F. Darwin (2004)

[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6–15.

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

 

[Android API 2013] Android API. Package Index, Android, 2013.

[Android Guide 2013] Android API Guides, Introduction to Android, Android, 2013.

[Android Security] Security Tips, Android Training.

[Apache 2014] Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.

[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle, 2011.

[API 2012] Java Platform, Standard Edition 7 API Specification, Oracle, 2012.

[API 2013] Java Platform, Standard Edition 7 API Specification, Oracle, 2013.

[J2EE API 2013] Java Platform, Extended Edition 7 API Specification, Oracle, 2013.

[API 2014] Java Platform, Standard Edition 8 API Specification, Oracle, 2014.

[Arnold 2006] Ken Arnold, James Gosling, and David Holmes. The Java Programming Language, 4th ed., Addison-Wesley, Boston, 2006.

[Austin 2000] Calvin Austin and Monica Pawlan, Advanced Programming for the Java 2 Platform, Addison-Wesley Longman, Boston, 2000.

[Black 2004] Paul E. Black and Paul J. Tanenbaum, partial order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology, December 17, 2004.

[Black 2006] Paul E. Black and Paul J. Tanenbaum, total order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.

[Bloch 2001] Joshua Bloch, Effective Java: Programming Language Guide, Addison-Wesley Professional, Boston, 2001.

[Bloch 2005a] Joshua Bloch and Neal Gafter, Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, Addison-Wesley Professional, Boston, 2005.

[Bloch 2005b] Joshua Bloch and Neal Gafter, Yet More Programming Puzzlers, JavaOne Conference, 2005.

[Bloch 2007] Joshua Bloch, Effective Java™ Reloaded: This Time It's (Not) for Real, JavaOne Conference, 2007.

[Bloch 2008] Joshua Bloch, Effective Java™: Programming Language Guide, 2nd ed., Addison-Wesley Professional, Boston, 2008.

[Bloch 2009] Joshua Bloch and Neal Gafter, Return of the Puzzlers: Schlock and Awe, JavaOne Conference, 2009.

[Boehm 2005] Hans-J. Boehm, Finalization, Threads, and the Java™ Technology-Based Memory Model, JavaOne Conference, 2005.

[Campione 1996] Mary Campione and Kathy Walrath, The Java Tutorial: Object-Oriented Programming for the Internet, Addison-Wesley, Reading, MA, 1996.

[CCITT 1988] International Telegraph and Telephone Consultative Committee (CCITT). CCITT Blue Book, Recommendation X.509 and ISO 9594-8: The Directory-Authentication Framework, International Telecommunication Union, Geneva, 1988.

[Chan 1999] Patrick Chan, Rosanna Lee, and Douglas Kramer, The Java Class Libraries: Supplement for the Java 2 Platform, Volume 1.2, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 1999.

[Chess 2007] Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, 2007.

[Chen 14] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. "OAuth Demystified for Mobile Application Developers.", 2014.

[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, Analyzing Inter-Application Communication in Android, Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, ACM, New York, 2011.

[Christudas 2005] Internals of Java Class Loading, ONJava, 2005.

[Cohen 1981] On Holy Wars and a Plea for Peace, IEEE Computer, Volume 14, Issue 10, 1981.

[Conventions 2009] Code Conventions for the Java Programming Language, Sun Microsystems, 2009.

[Coomes 2007] John Coomes, Peter Kessler, and Tony Printezis, Garbage Collection-Friendly Programming, Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference, 2007.

[Core Java 2004] Cay S. Horstmann and Gary Cornell, Core Java™ 2, Volume I, Fundamentals, 7th ed., Prentice Hall PTR, Boston, 2004.

[Coverity 2007] Coverity Prevent User's Manual (3.3.0). Coverity, 2007.

[Cunningham 1995] Ward Cunningham, The CHECKS Pattern Language of Information Integrity, in Pattern Languages of Program Design, James O. Coplien and Douglas C. Schmidt (eds.), Addison-Wesley Professional, Reading, MA, 1995.

[CVE 2011] Common Vulnerabilities and Exposures, MITRE Corporation, 2011.

[Daconta 2000] Michael C. Daconta, When Runtime.exec() Won't, JavaWorld.com, 2000.

[Daconta 2003] Michael C. Daconta, Kevin T. Smith, Donald Avondolio, and W. Clay Richardson, More Java Pitfalls, Wiley, New York, 2003.

[Darwin 2004] Ian F. Darwin, Java Cookbook, O'Reilly, Sebastopol, CA, 2004.

[Davis 2008a] Mark Davis and Ken Whistler, Unicode Standard Annex #15, Unicode Normalization Forms, 2008.

[Davis 2008b] Mark Davis and Michel Suignard, Unicode Technical Report #36, Unicode Security Considerations, 2008.

[Dennis 1966] Jack B. Dennis and Earl C. Van Horn, Programming Semantics for Multiprogrammed Computations, Communications of the ACM, Volume 9, Issue 3, March 1966, pp. 143–155, DOI=10.1145/365230.365252.

[DHS 2006] Build Security In, U.S. Department of Homeland Security, 2006.

[Dormann 2008] Will Dormann, Signed Java Applet Security: Worse than ActiveX?, CERT Vulnerability Analysis Blog, 2008.

[Doshi 2003] Gunjan Doshi, Best Practices for Exception Handling, ONJava.com, 2003.

[Dougherty 2009] Chad Dougherty, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi, Secure Design Patterns, CMU/SEI-2009-TR-010, Defense Technical Information Center, Ft. Belvoir, VA, 2009.

[Eclipse 2008] The Eclipse Platform, 2008.

[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 73–84, 2013.

[EMA 2014] Java SE Documentation, Extension Mechanism Architecture, Oracle, 1993, 2014.

[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security, IEEE Security & Privacy, vol. 7, 1, p. 50–57, 2009.

[Encodings 2014] Supported Encodings, Oracle, 2014.

[Enterprise 2003] The O'Reilly Java Authors, Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.

[ESA 2005] Java Coding Standards, prepared by European Space Agency (ESA) Board for Software Standardisation and Control (BSSC), 2005.

[Fahl 2012] Fahl, Sascha, et al. "Why Eve and Mallory love Android: An analysis of Android SSL (in) security." Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, 2012.

[Fairbanks 2007] Design Fragments, Defense Technical Information Center, Ft. Belvoir, VA, 2007.

[FindBugs 2008] FindBugs Bug Descriptions, 2008.

[Fisher 2003] Maydene Fisher, Jon Ellis, and Jonathan Bruce, JDBC API Tutorial and Reference, 3rd ed., Addison-Wesley, Boston, 2003.

[Flanagan 2005] David Flanagan, Java in a Nutshell, 5th ed., O'Reilly, Sebastopol, CA, 2005.

[Forman 05] Ira R. Forman and Nate Forman, Java Reflection in Action, Manning Publications, Greenwich, CT, 2005.

[Fortify 2014] A Taxonomy of Coding Errors That Affect Security, Java/JSP, Fortify Software, 2014.

[Fox 2001] Joshua Fox, When Is a Singleton Not a Singleton?, Sun Developer Network, 2001.

[Fritz 2014] C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel. FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. In Proc. PLDI, 2014. To appear.

[FT 2008] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions, 2008.

[Gafter 2006] Neal Gafter, Neal Gafter's blog, 2006.

[Gamma 1995] Erich Gamma, Richard Helm, Ralph Johnson, and John M. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley Professional, Boston, 1995.

[Garfinkel 1996] Simson Garfinkel and Gene Spafford, Practical UNIX & Internet Security, 2nd ed., O'Reilly, Sebastopol, CA, 1996.

[Garms 2001] Jess Garms and Daniel Somerfield, Professional Java Security, Wrox Press, Chicago, 2001.

[GNU 2013] GNU Coding Standards, Section 5.3, "Clean Use of C Constructs," Richard Stallman and other GNU Project volunteers, 2013.

[Goetz 2002] Brian Goetz, Java Theory and Practice: Don't Let the "this" Reference Escape during Construction, IBM developerWorks (Java technology), 2002.

[Goetz 2004a] Brian Goetz, Java Theory and Practice: Garbage Collection and Performance, IBM developerWorks (Java technology), 2004.

[Goetz 2004b] Brian Goetz, Java Theory and Practice: The Exceptions Debate: To Check, or Not to Check?, IBM developerWorks (Java technology), 2004.

[Goetz 2004c] Brian Goetz, Java Theory and Practice: Going Atomic, IBM developerWorks (Java technology), 2004.

[Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.

[Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, 2006.

[Goetz 2006b] Brian Goetz, Java Theory and Practice: Good Housekeeping Practices, IBM developerWorks (Java technology), 2006.

[Goetz 2007] Brian Goetz, Java Theory and Practice: Managing Volatility, Guidelines for Using Volatile Variables, IBM developerWorks (Java technology), 2006.

[Goldberg 1991] David Goldberg, What Every Computer Scientist Should Know about Floating-Point Arithmetic, Sun Microsystems, March 1991.

[Gong 2003] Li Gong, Gary Ellison, and Mary Dageforde, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Prentice Hall, Boston, 2003.

[Goodliffe 2014] Pete Goodliffe, Code Craft: The Practice of Writing Excellent Code, No Starch Press, San Francisco, 2007.

[Grand 2002] Mark Grand, Patterns in Java, Volume 1, 2nd ed., Wiley, New York, 2002.

[Gray 1985] Jim Gray, Tandem TR 85.7 WHY DO COMPUTERS STOP AND WHAT CAN BE DONE ABOUT IT?, 1985.

[Greanier 2000] Todd Greanier, Discover the Secrets of the Java Serialization API, Sun Developer Network (SDN), 2000.

[Green 2008] Roedy Green, Canadian Mind Products Java & Internet Glossary, 2008.

[Grigg 2006] Jeffery Grigg, Reflection On Inner Classes, 2006.

[Grosso 2001] William Grosso, Java RMI, O'Reilly, Sebastopol, CA, 2001.

[Grubb 2003] Penny Grubb and Armstrong A. Takang, Software Maintenance: Concepts and Practice, 2nd ed., World Scientific, River Edge, NJ, 2003.

[Guillardoy 2012] Esteban Guillardoy, Java 0Day Analysis (CVE-2012-4681), 2012.

[Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, Java Memory Leaks - Catch Me If You Can, 2005.

[Haack 2006] Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert, Immutable Objects in Java, 2006.

[Haggar 2000] Peter Haggar, Practical Java™ Programming Language Guide, Addison-Wesley Professional, Boston, 2000.

[Halloway 2000] Stuart Halloway, Java Developer Connection Tech Tips, March 28, 2000.

[Halloway 2001] Stuart Halloway, Java Developer Connection Tech Tips, January 30, 2001.

[Harold 1997] Elliotte Rusty Harold, Java Secrets, Wiley, New York, 1997.

[Harold 1999] Elliotte Rusty Harold, Java I/O, O'Reilly, Sebastopol, CA, 1999.

[Harold 2006] Elliotte Rusty Harold, Java I/O, 2nd ed., O'Reilly, Sebastopol, CA, 2006.

[Hatton 1995] Les Hatton, Safer C: Developing Software for High-Integrity and Safety-Critical Systems, McGraw-Hill, New York, 1995.

[Hawtin 2008] Thomas Hawtin, Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities, Sun Microsystems, Make it Fly 2008, London, 2008.

[Havelund 2009] Klaus Havelund and Al Niessner, JPL Coding Standard, version 1.1, California Institute of Technology, 2009.

[Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security? Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS–04), Track 9, Volume 9, IEEE Computer Society, January 2004.

[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.

[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.

[Hirondelle 2013] Passwords Never Clear in Text, Hirondelle Systems, 2013.

[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002.

[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.

[Howard 2002] Michael Howard and David C. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, Redmond, WA, 2002.

[Hughes 2011] Elliott Hughes, JNI Local Reference Changes in ICS, November 2011.

[Hunt 1998] J. Hunt and F. Long, Java's Reliability: An Analysis of Software Defects in Java, Software IEEE Proceedings, 1998.

[IEC 60812 2006] Analysis Techniques for System Reliability — Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed., International Electrotechnical Commission, Geneva, Switzerland, 2006.

[IEEE 754 2006] IEEE, Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006.

[IETF OAuth1.0a] Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

[IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix, 2012.

[ISO/IEC 11889-1:2009] ISO/IEC. Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: International Organization for Standardization, March 2013.

[J2SE 2000] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, J2SE Documentation version 1.3, Sun Microsystems, 2000.

[J2SE 2011] Java™ SE 7 Documentation, J2SE Documentation version 1.7, Oracle Corporation, 2011.

[JarSpec 2008] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, 2000.

[Java 2006] Java - The Java Application Launcher, Sun Microsystems, 2006.

[Java2NS 1999] Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani, Java 2 Network Security, Prentice Hall, Upper Saddle River, NJ, 1999.

[JavaGenerics 2004] Oracle, Generics, Sun Microsystems, 2004.

[JavaThreads 1999] Scott Oaks and Henry Wong, Java Threads, 2nd ed., O'Reilly, Sebastopol, CA, 1999.

[JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004.

[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.

[JCF 2014] The Java Collections Framework, Oracle, 2014.

[JDK Bug 2015] JDK Bug System, Oracle, 2015.

[JDK7 2008] Java™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.

[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.

[JLS 2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The Java® Language Specification, Java SE 8 Edition, 2015.

[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006.

[JMXG 2006] Java SE Monitoring and Management Guide, Sun Microsystems, 2006.

[JNI 2006] Java Native Interface, Sun Microsystems, 2006.

[JNISpec 2014] Java Native Interface Specification, Oracle, 2014.

[JNI Tips] Java Tips, Android Training.

[Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda, Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp. 258–263, May 21–24, 2006.

[JPDA 2004] Java Platform Debugger Architecture (JPDA), Sun Microsystems, 2004.

[JPL 2006] Ken Arnold, James Gosling, and David Holmes, The Java™ Programming Language, 4th ed., Addison-Wesley Professional, Boston, 2006.

[JSR-133 2004] JSR-133: Java™ Memory Model and Thread Specification, 2004.

[JSSEC 2013] Android Secure Design and Coding Guidebook, (in Japanese), Japan Smartphone Security Association, 2013.

[JSSEC 2014] Android Application Secure Design / Secure Coding Guidebook, Japan Smartphone Security Association, 2014.

[JVMTI 2006] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, 2006.

[JVMSpec 1999] The Java Virtual Machine Specification, Sun Microsystems, 1999.

[Kabanov 2009] Jevgeni Kabanov, The Ultimate Java Puzzler, February 16th, 2009.

[Kabutz 2001] Heinz M. Kabutz, The Java Specialists' Newsletter, 2001.

[Kalinovsky 2004] Alex Kalinovsky, Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, SAMS Publishing, Boston, 2004.

[Klieber 2014] William Klieber, Lori Flynn, Amar Bhosale, Limin Jia, and Lujo Bauer. Android Taint Flow Analysis for App Sets, ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis, 2014.

[Knoernschild 2001] Kirk Knoernschild, Java™ Design: Objects, UML, and Process, Addison-Wesley Professional, Boston, 2001.

[Lai 2008] Charlie Lai, Java Insecurity: Accounting for Subtleties That Can Compromise Code, 2008.

[Langer 2008] Angelika Langer, Practicalities – Programming with Java Generics, 2008.

[Laplante 2005] Phillip A. Laplante, Colin J. Neill, Antipatterns: Identification, Refactoring, and Management, Auerbach Publications, Boca Raton, FL, 2005.

[Lea 2000a] Doug Lea, Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.

[Lea 2000b] Doug Lea and William Pugh, Correct and Efficient Synchronization of Java™ Technology based Threads, JavaOne Conference, 2000.

[Lea 2008] Doug Lea, The JSR-133 Cookbook for Compiler Writers, 2008.

[Lee 2009] Sangjin Lee, Mahesh Somani, and Debashis Saha, Robust and Scalable Concurrent Programming: Lessons from the Trenches, JavaOne Conference, 2009.

[Liang 1997] Sheng Liang, The Java™ Native Interface, Programmer's Guide and Specification, Addison-Wesley Professional, Reading, MA, 1997.

[Liang 1998] Sheng Liang and Gilad Bracha, Dynamic Class Loading in the Java™ Virtual Machine, Proceedings of the 13th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, 1998.

[Lieberman 1986] Henry Lieberman, Using Prototypical Objects to Implement Shared Behavior in Object-Oriented Systems, Proceedings on Object-Oriented Programming, Systems, Languages, and Applications, pp. 214–223 (ISSN 0362-1340), Massachusetts Institute of Technology, 1986.

[Lo 2005] Chia-Tien Dan Lo, Witawas Srisa-an, and J. Morris Chang, Security Issues in Garbage Collection, STSC Crosstalk, October 2005.

[Long 2005] Fred Long, Software Vulnerabilities in Java, CMU/SEI-2005-TN-044, Software Engineering Institute, Carnegie Mellon University, 2005.

[Long 2013] Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, and David Svoboda, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, Addison-Wesley Professional, Reading, MA, 2013.

[LSOD 02] Last Stage of Delirium Research Group, Java and Java Virtual Machine Security. Poland: Last Stage of Delirium Research Group, 2002.

[Low 1997] Douglas Low, Protecting Java Code via Obfuscation, Crossroads Volume 4, Issue 3, 1997.

[MacGregor 1998] Robert MacGregor, Dave Durbin, John Owlett, and Andrew Yeomans, Java Network Security, Prentice Hall PTR, Upper Saddle River, NJ, 1998.

[Mahmoud 2002] Qusay H. Mahmoud, Compressing and Decompressing Data Using Java APIs, Oracle, 2002.

[Mak 2002] Ronald Mak, Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ, 2002.

[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.

[Manson 2004] Jeremy Manson and Brian Goetz, JSR 133 (Java Memory Model) FAQ, 2004.

[Manson 2006] Jeremy Manson and William Pugh, The Java™ Memory Model: The Building Block of Concurrency, JavaOne Conference, 2006.

[Martin 1996] Robert C. Martin, Granularity, 1996.

[Masson 2011] Neil D. Masson, Tip: Secure Your Code against the Finalizer Vulnerability, IBM developerWorks, 2011.

[McCluskey 2001] Glen McCluskey, Java Developer Connection Tech Tips, April 10, 2001.

[McGraw 1999] Gary McGraw and Edward W. Felten, Securing Java, Getting Down to Business with Mobile Code, Wiley, New York, 1999.

[McGraw 1998] Gary McGraw and Edward W. Felten, Twelve Rules for Developing More Secure Java Code, JavaWorld.com, 1998.

[Mettler 2010a] Adrian Mettler, David Wagner, and T. Close, Joe-E: A Security-Oriented Subset of Java, 17th Network & Distributed System Security Symposium, 2010.

[Mettler 2010b] Adrian Mettler and David Wagner, Class Properties for Security Review in an Object-Capability Subset of Java, Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10). ACM, Article 7, DOI=10.1145/1814217.1814224, 2010.

[Miller 2009] Alex Miller, Java™ Platform Concurrency Gotchas, JavaOne Conference, 2009.

[MITRE 2011] MITRE Corporation, Common Weakness Enumeration, 2011.

[Mocha 2007] Mocha, the Java Decompiler, 2007.

[Monsch 2006] Jan P. Monsch, Ruining Security with java.util.Random Version 1.0, 2006.

[MSDN 2009] Microsoft Corporation, Using SQL Escape Sequences, 2009.

[Muchow 2001] John W. Muchow, MIDlet Packaging with J2ME, ONJava.com, 2001.

[Müller 2002] Dr. Andreas Müller and Geoffrey Simmons, Exception Handling: Common Problems and Best Practice with Java 1.4, Sun Microsystems GmbH, 2002.

[Naftalin 2006a] Maurice Naftalin and Philip Wadler, Java Generics and Collections, O'Reilly, Sebastopol, CA, 2006.

[Naftalin 2006b] Maurice Naftalin and Philip Wadler, Java™ Generics and Collections: Tools for Productivity, JavaOne Conference, 2007.

[Netzer 1992] Robert H. B. Netzer and Barton P. Miller, What Are Race Conditions? Some Issues and Formalization, University of Wisconsin, Madison, 1992.

[Neward 2004] Ted Neward, Effective Enterprise Java, Addison-Wesley Professional, Boston, 2004.

[Nisewanger 2007] Jeff Nisewanger, Avoiding Antipatterns, JavaOne Conference, 2007.

[Nolan 2004] Godfrey Nolan, Decompiling Java, Apress, Berkeley, CA, 2004.

[Oaks 2001] Scott Oaks, Java Security, O'Reilly, Sebastopol, CA, 2001.

[Octeau 2013] D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. Effective Inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis. In Proc. USENIX Security, 2013.

[Open Group 2004] The IEEE and The Open Group, The Open Group Base Specifications Issue 6, 2004.

[Oracle 2010a] Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning, Oracle, 2010.

[Oracle 2010b] New I/O APIs, Oracle, 2010.

[Oracle 2011a] Java PKI Programmer's Guide, Oracle, 2011.

[Oracle 2011b] Java Platform™, Standard Edition 6 Documentation, Oracle, 2011.

[Oracle 2011c] Package javax.servlet.http, Oracle, 2011.

[Oracle 2011d] Permissions in the Java™ SE 6 Development Kit (JDK), Oracle, 2011.

[Oracle 2013a] API for Privileged Blocks, Oracle, 1993/2013.

[Oracle 2013b] Reading ASCII Passwords from an InputStream Example, Java Cryptography Architecture (JCA) Reference Guide, Oracle, 2013.

[Oracle 2013c] Java Platform Standard Edition 7 Documentation, Oracle, 2013.

[Oracle 2013d] Oracle Security Alert for CVE-2013-0422, Oracle, 2013.

[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.

[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015.

[OWASP 2005] A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.

[OWASP 2007] OWASP Top 10 for Java EE, OWASP, 2007.

[OWASP 2009] Double Encoding, OWASP, 2009.

[OWASP 2011] Open Web Application Security Project (OWASP), 2011.

[OWASP 2014a] Preventing LDAP Injection in Java, OWASP, 2014.

[OWASP 2014b] XSS (Cross Site Scripting) Prevention Cheat Sheet, OWASP, 2014.

[PCI 2010] PCI Security Standards Council, Payment Card Industry (PCI) Data Security Standard, Version 2.0, October, 2010.

[Permissions 2008] Permissions in the Java™ SE 6 Development Kit (JDK), Sun Microsystems, 2008.

[Philion 2003] Paul Philion, Beware the Dangers of Generic Exceptions, JavaWorld.com, 2003.

[Phillips 2005] Addison P. Phillips, Are We Counting Bytes Yet?, 27th Internationalization and Unicode Conference, webMethods, 2005.

[Pistoia 2004] Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin, Enterprise Java Security: Building Secure J2EE Applications, Addison-Wesley Professional, Boston, 2004.

[Policy 2002] Sun Microsystems, Default Policy Implementation and Policy File Syntax, Document revision 1.6, 2002.

[Pugh 2004] William Pugh, The Java Memory Model (discussions reference), 2004.

[Pugh 2008] William Pugh, Defective Java Code: Turning WTF Code into a Learning Experience, JavaOne Conference, 2008.

[Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009.

[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.

[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.

[Reflect 2006] Sun Microsystems, Reflection, 2006.

[Rogue 2000] Vermeulen, Ambler, Metz, Misfeldt, Shur, and Thompson, The Elements of Java Style, Cambridge University Press, New York, 2000.

[Rotem 2008] Arnon Rotem-Gal-Oz, Fallacies of Distributed Computing Explained, 2008.

[Roubtsov 2003a] Vladimir Roubtsov, Breaking Java Exception-Handling Rules is Easy, JavaWorld.com, 2003.

[Roubtsov 2003b] Vladimir Roubtsov, Into the Mist of Serialization Myths, JavaWorld.com, 2003.

[Saltzer 1974] J. H. Saltzer, Protection and the Control of Information Sharing in Multics. Communications of the ACM 17, 7 (July 1974): 388–402.

[Saltzer 1975] J. H. Saltzer and M. D. Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, Volume 63, Issue 9, 1975, 1278–1308.
Available at http://web.mit.edu/Saltzer/www/publications/protection/.

[SCG 2009] Sun Microsystems, Secure Coding Guidelines for the Java Programming Language, version 3.0, 2009.

[Schildt 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007.

[Schindler 2012] Uwe Schindler, The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.

[Schneier 2000] Bruce Schneier, Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.

[Schönefeld 2002] Marc Schönefeld, Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.

[Schönefeld 2004] Marc Schönefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.

[Schwarz 2004] Don Schwarz, Avoiding Checked Exceptions, ONJava 2004.

[Schweisguth 2003] Dave Schweisguth, Java Tip 134: When Catching Exceptions, Don't Cast Your Net Too Wide, Javaworld.com, 2003.

[SDN 2008] Sun Microsystems, SUN Developer Network, 1994–2008.

[Seacord 2005] Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley Professional, Boston, 2005.

[Seacord 2008] Robert C. Seacord, The CERT C Secure Coding Standard, Addison-Wesley Professional, Boston, 2008.

[Seacord 2010] Robert C. Seacord, William Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch, Source Code Analysis Laboratory (SCALe) for energy delivery systems, CMU/SEI-2010-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, December 2010.

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Addison-Wesley, Boston, 2013.

[Seacord 2015] Seacord, Robert C. Secure Coding Rules for Java. Addison-Wesley Professional, Boston, 2013.

[SecArch 2006] Sun Microsystems, Java 2 Platform Security Architecture, 2006.

[Secunia 2008] Secunia ApS, Secunia Advisories, 2008.

[Security 2006] Java Security Guides, Sun Microsystems, 2006.

[SecuritySpec 2008] Sun Microsystems, Java Security Architecture, 2008.

[Sen 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007.

[Shipilёv 2014] Shipilёv, Aleksey, Safe Publication and Safe Initialization in Java, December 2014.

[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005.

[Steele 1977] G.L. Steele, Arithmetic Shifting Considered Harmful, ACM SIGPLAN Notices, Volume 12, Issue 11 (1977), 61–69.

[Steinberg 2005] Daniel H. Steinberg, Java Developer Connection Tech Tips Using the Varargs Language Feature, January 4, 2005.

[Sterbenz 2006] Andreas Sterbenz and Charlie Lai, Secure Coding Antipatterns: Avoiding Vulnerabilities, Sun Microsystems, JavaOne Conference, 2006.

[Steuck 2002] Gregory Steuck, XXE (Xml eXternal Entity) Attack, 2002.

[Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?, Sun Microsystems, 1999.

[Sun 2002] Reflection, Sun Microsystems, 2002.

[Sun 2003] Sun Microsystems, Sun ONE Application Server 7 Performance Tuning Guide, 2003.

[Sun 2004a] Java Management Extensions (JMX), Sun Microsystems, 2004.

[Sun 2004b] Java Object Serialization Specification, Version 1.5.0, Sun Microsystems, 2004.

[Sun 2004d] JVM Tool Interface, Sun Microsystems, 2004.

[Sun 2006] Java™ Platform, Standard Edition 6 documentation, Sun Microsystems, 2006.

[Sun 2008] Java™ Plug-in and Applet Architecture, Sun Microsystems, 2008.

[Sutherland 2010] Dean F. Sutherland and William L. Scherlis, Composable Thread Coloring, Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, Association for Computing Machinery, New York, 2010.

[Tanenbaum 2003] Andrew S. Tanenbaum and Maarten Van Steen, Distributed Systems: Principles and Paradigms, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 2003.

[Techtalk 2007] Josh Bloch and William Pugh, The PhantomReference Menace. Attack of the Clone. Revenge of the Shift, JavaOne Conference, 2007.

[Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009.

[Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.

[Unicode 2007] The Unicode Consortium, The Unicode Standard, Version 5.1.0, defined by The Unicode Standard, Version 5.0, Addison-Wesley, Reading, MA, 2007, as amended by Unicode 5.1.0.

[Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011.

[Unicode 2012] The Unicode Consortium. The Unicode Standard, Unicode 6.2.0, (Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1-936213-07-8)

[Urma 2014] Raoul-Gabriel Urma, Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional!, Oracle, March 2014.

[Venners 1997] Bill Venners, Security and the Class Loader Architecture, JavaWorld.com, 1997.

[Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.

[Verify] Verifying App Behavior on the Android Runtime (ART), Android.

[Vermeulen 2000] Allan Vermeulen, Scott W. Ambler, Greg Bumgardner, Eldon Metz, Trevor Misfeldt, Jim Shur, and Patrick Thompson. The Elements of Java Style. Cambridge University Press, New York, 2000.

[viaForensics 2014] Secure mobile development best practices, viaForensics LLC., 2014.

[W3C 2008] Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François Yergeau, Extensible Markup Language (XML) 1.0, 5th ed., W3C Recommendation, 2008.

[W3C 2013] Andrei Popescu, Geolocation API Specification, W3C Recommendation, 2013.

[Ware 2008] Michael S. Ware, Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools, Master's thesis, James Madison University, Harrisonburg, VA, 2008.

[Weber 2009] Chris Weber, Exploiting Unicode-enabled Software, CanSecWest, March 2009.

[Wheeler 2003] David A. Wheeler, Secure Programming for Linux and Unix HOWTO, 2003.

[White 2003] Tom White, Memoization in Java Using Dynamic Proxy Classes, August 2003.

[Zukowski 2004] John Zukowski, Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.

\[Doshi 03\] [Best Practices for Exception Handling|http://www.onjava.com/pub/a/onjava/2003/11/19/exceptions.html] by Gunjan Doshi. (2003)

\[Eclipse 08\] The Eclipse Platform (2008)

\[Encodings 06\] [Supported Encodings|http://java.sun.com/javase/6/docs/technotes/guides/intl/encoding.doc.html], Sun Microsystems, Inc. (2006)

\[Enterprise 03\] Java Enterprise Best Practices, by the O'Reilly Java Authors. O'Reilly. (2003)

\[ESA 05\] [Java Coding Standards|ftp://ftp.estec.esa.nl/pub/wm/wme/bssc/Java-Coding-Standards-20050303-releaseA.pdf], prepared by: European Space Agency (ESA) Board for Software Standardisation and Control (BSSC). (2005)

\[FindBugs 08\] [FindBugs Bug Descriptions|http://findbugs.sourceforge.net/bugDescriptions.html] (2008)

\[Fisher 03\] JDBC API Tutorial and Reference, 3rd edition, by Maydene Fisher, Jon Ellis, and Jonathan Bruce, Prentice Hall, The Java Series. (2003)

\[Flanagan 05\] Java in a Nutshell, 5th edition, by David Flanagan, O'Reilly Media, Inc. (2005)

\[Fortify 08\] [A Taxonomy of Coding Errors that Affect Security|http://www.fortify.com/vulncat/en/vulncat/index.html] Java/JSP, Fortify Software. (2008)

\[Fox 01\] When is a Singleton not a Singleton?, by Joshua Fox, Sun Developer Network (SDN) (2001)

\[FT 08\] [Function Table|http://www.stylusstudio.com/api/xalan-j_2_6_0/org/apache/xpath/compiler/FunctionTable.htm] Class FunctionTable, Field detail, public static FuncLoader m_functions. (2008)

\[Gamma 95\] Design Patterns: Elements of Reusable Object-Oriented Software, by Erich Gamma, Richard Helm, Ralph Johnson, John M. Vlissides. Addison-Wesley Professional Computing Series. (1995)

\[Garms 01\] Professional Java Security, by Jess Garms and Daniel Somerfield. Wrox Press Ltd. (2001)

\[Goetz 02\] [Java theory and practice: Don't let the "this" reference escape during construction|http://www.ibm.com/developerworks/java/library/j-jtp0618.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2002)

\[Goetz 04\] [Java theory and practice: Garbage collection and performance|http://www.ibm.com/developerworks/java/library/j-jtp01274.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)

\[Goetz 04b\] [Java theory and practice: The exceptions debate: To check, or not to check?|http://www.ibm.com/developerworks/library/j-jtp05254.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)

\[Goetz 05\] [Java theory and practice: Be a good (event) listener, Guidelines for writing and supporting event listeners|http://www.ibm.com/developerworks/java/library/j-jtp07265/index.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)

\[Goetz 05b\] [Java theory and practice: Plugging memory leaks with weak references|http://www.ibm.com/developerworks/java/library/j-jtp11225/], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)

\[Goetz 06\] Java Concurrency in Practice, by Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, Doug Lea. Addison Wesley Professional. (2006)

\[Goetz 06b\] [Java theory and practice: Good housekeeping practices|http://www.ibm.com/developerworks/java/library/j-jtp03216.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2006)

\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, Inc. March 1991. (1991)

\[Gong 03\] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)

\[Greanier 00\] [Discover the secrets of the Java Serialization API|http://java.sun.com/developer/technicalArticles/Programming/serialization/], by Todd Greanier, Sun Developer Network (SDN). (2000)

\[Green 08\] [Canadian Mind Products Java & Internet Glossary|http://mindprod.com/jgloss/jgloss.html] by Roedy Green. (2008)

\[Grosso 01\] [Java RMI|http://oreilly.com/catalog/javarmi/chapter/ch10.html], by William Grosso. O'Reilly. (2001)

\[Gupta 05\] [Java memory leaks - Catch me if you can|http://www.ibm.com/developerworks/rational/library/05/0816_GuptaPalanki/], by Satish Chandra Gupta and Rajeev Palanki. (2005)

\[Haack 06\] [Immutable Objects in Java|https://pms.cs.ru.nl/iris-diglib/src/getContent.php?id=2006-Haack-ObjectsImmutable], by Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert. (2006)

\[Haggar 00\] Practical Java™ Programming Language Guide, by Peter Haggar. Addison-Wesley Professional. (2000)

\[Halloway 00\] Java Developer Connection Tech Tips, March 28, 2000, by Stuart Halloway.

\[Halloway 01\] [Java Developer Connection Tech Tips|http://web.mit.edu/java/JDCNewsletter/JDC-TECH1-01b], January 30, 2001, by Stuart Halloway.

\[Harold 97\] Java Secrets by Elliotte Rusty Harold. Wiley. (1997)

\[Harold 99\] Java I/O, by Elliotte Rusty Harold. O'REILLY. (1999)

\[Harold 06\] Java I/O, by Elliotte Rusty Harold (2nd Edition). O'Reilly. (2006)

\[Hawtin 08\] [Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities|http://www.makeitfly.co.uk/Presentations/london-securecoding.pdf] by Thomas Hawtin, Sun Microsystems, Inc. Make it Fly 2008, London. (2008)

\[Henney 03\] [Null Object, Something for Nothing|http://www.two-sdg.demon.co.uk/curbralan/papers/europlop/NullObject.pdf], by Kevlin Henney (2003)

\[Hitchens 02\] Java™ NIO, by Ron Hitchens. O'Reilly. (2002)

\[Hornig 07\] Advanced Java™ Globalization, by Charles Hornig, Globalization Architect, IBM Corporation. JavaOne Conference. (2007)

\[Hovemeyer 07\] Finding more null pointer bugs, but not too many, by David Hovemeyer and William Pugh. Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. (2007)

\[Hunt 98\] Java's reliability: an analysis of software defects in Java, by J. Hunt and F. Long. Software IEE Proceedings. (1998)

\[J2SE 00\] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, Inc. [J2SE Documentation version 1.3|http://java.sun.com/j2se/1.3/docs/guide/], Sun Microsystems, Inc. (2000)

\[JarSpec 08\] J2SE Documentation version 1.5, [Jar File Specification|http://java.sun.com/j2se/1.5.0/docs/guide/jar/jar.html], Sun Microsystems, Inc.  (2000)

\[Java 06\] [java - the Java application launcher|http://java.sun.com/javase/6/docs/technotes/tools/windows/java.html], Sun Microsystems, Inc. (2006)

\[Java2NS 99\] Java 2 Network Security, by Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani. IBM Corporation. (1999)

\[JavaGenerics 04\] \[[http://java.sun.com/j2se/1.5.0/docs/guide/language/generics.html]\], Sun Microsystems, Inc. (2004)

\[JavaThreads 99\] Java Threads (2nd Edition), by Scott Oaks and Henry Wong. O'REILLY. (1999)

\[JavaThreads 04\] Java Threads (3rd Edition), by Scott Oaks and Henry Wong. O'REILLY. (2004)

\[JDK7 08\] [Java™ Platform, Standard Edition 7 documentation|http://download.java.net/jdk7/docs/], Sun Microsystems, Inc., 19 Dec 2008. (2008)

\[JLS 05\] Java Language Specification, 3rd edition. by James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. Prentice Hall, The Java Series. [The Java Language Specification.|http://java.sun.com/docs/books/jls/index.html] (2005)

\[JPL 05\] The Java™ Programming Language, Fourth Edition, by Ken Arnold, James Gosling, David Holmes. Addison Wesley Professional. (2005)

\[JMX 06\] [Monitoring and Management for the Java Platform|http://java.sun.com/javase/6/docs/technotes/guides/management/index.html], Sun Microsystems, Inc. (2006)

\[JMXG 06\] [Java SE Monitoring and Management Guide|http://java.sun.com/javase/6/docs/technotes/guides/management/toc.html], Sun Microsystems, Inc. (2006)

\[JNI 06\] [Java Native Interface|http://java.sun.com/javase/6/docs/technotes/guides/jni/index.html], Sun Microsystems, Inc. (2006)

\[JPDA 04\] [Java Platform Debugger Architecture (JPDA)|http://java.sun.com/javase/6/docs/technotes/guides/jpda/index.html], Sun Microsystems, Inc. (2004)

\[JVMTI 06\] [Java Virtual Machine Tool Interface (JVM TI)|http://java.sun.com/javase/6/docs/technotes/guides/jvmti/index.html], Sun Microsystems, Inc. (2006)

\[JVMSpec 99\] [The Java Virtual Machine Specification|http://java.sun.com/docs/books/jvms/], Sun Microsystems, Inc. (1999)

\[Kabanov 09\] [The Ultimate Java Puzzler|http://dow.ngra.de/2009/02/16/the-ultimate-java-puzzler/] by Jevgeni Kabanov, Core developer of JavaRebel. February 16th, 2009. (2009)

\[Kabutz 01\] The Java Specialists' Newsletter, by Dr. Heinz M. Kabutz. (2001)

\[Kalinovsky 04\] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky. SAMS Publishing.  (2004)

\[Knoernschild 01\] Java™ Design: Objects, UML, and Process, by Kirk Knoernschild. Addison-Wesley Professional. (2001)

\[Lai 08\] [Java Insecurity: Accounting for Subtleties That Can Compromise Code, by Charlie Lai, Sun Microsystems|http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4420062] (2008)

\[Langer 08\] [http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html|http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html], Angelika Langer. (2008)

\[Lea 00\] Concurrent Programming in Java, 2nd edition, by Doug Lea. Addison Wesley, Sun Microsystems, Inc. (2000)

\[Lea 00b\] [Correct and Efficient Synchronization of Java™ Technology based Threads|http://www.cs.umd.edu/~pugh/java/memoryModel/TS-754.pdf], by Doug Lea and William Pugh. JavaOne Conference. (2000)

\[Lee 09\] [Robust and Scalable Concurrent Programming: Lessons from the Trenches|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-4620.pdf], by Sangjin Lee, Mahesh Somani, & Debashis Saha, eBay Inc. JavaOne Conference. (2009)

\[Liang 97\] The Java™ Native Interface, Programmer's Guide and Specification, by Sheng Liang. ADDISON-WESLEY. (1997)

\[Liang 98\] [Dynamic Class Loading in the Java™ Virtual Machine|http://portal.acm.org/citation.cfm?doid=286936.286945], by Sheng Liang and Gilad Bracha. Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. (1998)

\[Lieberman 86\] [Using prototypical objects to implement shared behavior in object-oriented systems|http://portal.acm.org/citation.cfm?id=28718]. In: Conference proceedings on Object-oriented programming systems, languages and applications. Portland 1986, p. 214-223 ISSN 0362-1340, by Henry Lieberman, Massachusetts Institute of Technology. (1986) 

\[Long 05\] [Software Vulnerabilities in Java|http://www.sei.cmu.edu/publications/documents/05.reports/05tn044.html], by Fred Long, CMU/SEI-2005-TN-044. (2005)

\[Lo 05\] [Security Issues in Garbage Collection|http://www.stsc.hill.af.mil/crosstalk/2005/10/0510DanLo.html], by Dr. Chia-Tien Dan Lo, University of Texas at San Antonio, Dr. Witawas Srisa-an, University of Nebraska at Lincoln, Dr. J. Morris Chang, Iowa State University. STSC Crosstalk, October 2005 issue. (2005)

\[Low 97\] [Protecting Java Code via Obfuscation|http://www.cs.arizona.edu/~collberg/Research/Students/DouglasLow/obfuscation.html], by Douglas Low. (1997)

\[Macgregor 98\] Java Network Security, by Robert Macgregor, Dave Durbin, John Owlett and Andrew Yeomans. Prentice Hall. (1998)

\[Martin 96\] [Granularity|http://www.objectmentor.com/resources/articles/granularity.pdf], by Robert C. Martin. (1996)

\[McCluskey 01\] Java Developer Connection Tech Tips, by Glen McCluskey, April 10, 2001. (2001)

\[McGraw 00\] Securing Java, Getting Down to Business with Mobile Code, by Gary McGraw and Edward W. Felten. Wiley. (1999)

\[Mcgraw 98\] [Twelve rules for developing more secure Java code|http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html], Gary Mcgraw and Edward Felten, JavaWorld.com. (1998)

\[Miller 09\] [Java™ Platform Concurrency Gotchas|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-4863.pdf], by Alex Miller, Terracotta. JavaOne Conference. (2009)

\[MITRE 09\] [Common Weakness Enumeration|http://cwe.mitre.org/], MITRE Corporation. (2009)

\[Mocha 07\] [Mocha, the Java Decompiler|http://www.brouhaha.com/~eric/software/mocha/] (2007)

\[Monsch 06\] [Ruining Security with java.util.Random|http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p] Version 1.0, by Jan P. Monsch. (2006)

\[MSDN 09\] [Using SQL Escape Sequences|http://msdn.microsoft.com/en-us/library/ms378045(SQL.90).aspx], Microsoft Corporation. (2009)

\[Muchow 01\] [MIDlet Packaging with J2ME|http://www.onjava.com/pub/a/onjava/2001/04/26/midlet.html], by John W. Muchow (2001)

\[Müller 02\] [Exception Handling: Common Problems and Best Practice with Java 1.4|http://www.old.netobjectdays.org/pdf/02/papers/industry/1430.pdf] by Dr. Andreas Müller and Geoffrey Simmons, Sun Microsystems GmbH. (2002)

\[Naftalin 06\] Java Generics and Collections, Maurice Naftalin and  Philip Wadler, O'Reilly (2006)

\[Naftalin 06b\] [Java™ Generics and Collections: Tools for Productivity|http://gceclub.sun.com.cn/java_one_online/2007/pdf/TS-2890.pdf], by Maurice Naftalin, Morningside Light Ltd, Philip Wadler, University of Edinburgh. JavaOne Conference (2007)

\[Neward 04\] Effective Enterprise Java, by Ted Neward. Addison Wesley Professional. (2004)

\[Nisewanger 07\] [Avoiding Antipatterns, by Jeff Nisewanger, JavaOne Conference|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2594.pdf] (2007)

\[Nolan 04\] Decompiling Java, by Godfrey Nolan, [Apress|http://www.apress.com/]. (2004)

\[Oaks 01\] Java Security, by Scott Oaks. O'REILLY. (2001)

\[OWASP 05\] [A Guide to Building Secure Web Applications and Web Services|http://internap.dl.sourceforge.net/sourceforge/owasp/OWASPGuide2.0.1.pdf]. The Open Web Application Security Project. (2005)

\[OWASP 08\] [OWASP|http://www.owasp.org/index.php/Main_Page]. (2008)

\[Patterns 02\] Patterns in Java, Volume 1, Second Edition, by Mark Grand. Wiley. (2002)

\[Permissions 08\] [Permissions in the Java™ SE 6 Development Kit (JDK)|http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008)

\[Philion 03\] [Beware the dangers of generic Exceptions|http://www.javaworld.com/javaworld/jw-10-2003/jw-1003-generics.html?page=2#sidebar1], by Paul Philion, JavaWorld.com. (2003)

\[Phillips 05\] [Are We Counting Bytes Yet?|http://www.inter-locale.com/whitepaper/IUC27-a303.html] at the 27th Internationalization and Unicode Conference, by Addison P. Phillips. webMethods, Inc. (2005)

\[Pistoia 04\] Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Addison Wesley. (2004)

\[Policy 02\] [Default Policy Implementation and Policy File Syntax|http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html], Document revision 1.6, Sun Microsystems, Inc. (2002)

\[Pugh 08\] [Defective Java Code: Turning WTF Code into a Learning Experience|http://developers.sun.com/learning/javaoneonline/2008/pdf/TS-6589.pdf?cid=925745], by William Pugh, Univ. of Maryland. JavaOne Conference. (2008)

\[Pugh 09\] [Defective Java Code: Mistakes That Matter|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-5335.pdf], by William Pugh, Univ. of Maryland. JavaOne Conference. (2009)

\[Reasoning 03\] [Reasoning Inspection Service Defect Data Tomcat v 1.4.24|http://www.reasoning.com/pdf/Tomcat_Defect_Report.pdf], Reasoning. 14 Nov 2003. (2003)

\[Reflect 06\] [Reflection|http://java.sun.com/javase/6/docs/technotes/guides/reflection/index.html], Sun Microsystems, Inc. (2006)

\[Rotem 08\] [Fallacies of Distributed Computing Explained|http://www.rgoarchitects.com/Files/fallacies.pdf], by Arnon Rotem-Gal-Oz. (2008)

\[Roubtsov 03\] [Breaking Java exception-handling rules is easy|http://www.javaworld.com/javaworld/javaqa/2003-02/02-qa-0228-evilthrow.html], by Vladimir Roubtsov, JavaWorld.com.  (2003)

\[Roubtsov 03b\] [Into the mist of serialization myths|http://www.javaworld.com/javaworld/javaqa/2003-06/02-qa-0627-mythser.html?page=1], by Vladimir Roubtsov, JavaWorld.com.  (2003)

\[Schneier 00\] Secrets and Lies—Digital Security in a Networked World, by Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons. (2000)

\[SCG 07\] [Secure Coding Guidelines for the Java Programming Language, version 2.0|http://java.sun.com/security/seccodeguide.html], Sun Microsystems, Inc. (2007)

\[Schildt 07\] Herb Schildt's Java Programming Cookbook, Herb Schildt, McGraw-Hill (2007)

\[Schwarz 04\] [Avoiding Checked Exceptions|http://www.oreillynet.com/onjava/blog/2004/09/avoiding_checked_exceptions.html], by Don Schwarz, ONJava (2004)

\[Schoenefeld 04\] Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), Nov 2004. (2004)

\[Schweisguth 03\] [Java Tip 134: When catching exceptions, don't cast your net too wide|http://www.javaworld.com/javaworld/javatips/jw-javatip134.html?page=2], by Dave Schweisguth. JavaWorld.com. (2003)

\[Seacord 05\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley. (2005)

\[SecArch 06\] [Java 2 Platform Security Architecture|http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html], Sun Microsystems, Inc. (2006)

\[Security 06\] [Java Security Guides|http://java.sun.com/javase/6/docs/technotes/guides/security/], Sun Microsystems, Inc. (2006)

\[SecuritySpec 08\] [http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html], Sun Microsystems, Inc. (2008)

\[Steel 05\] Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, by Christopher Steel, Ramesh Nagappan and Ray Lai. Prentice Hall PTR / Sun Microsystems, Inc. (2005)

\[SDN 08\] [SUN Developer Network|http://developers.sun.com/], Sun Microsystems, Inc. (1994-2008)

\[Sen 07\] [Avoid the dangers of XPath injection|http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html], by Robi Sen, IBM developerWorks. (2007)

\[Steinberg 05\] [Java Developer Connection Tech Tips "Using the Varargs Language Feature"|http://java.sun.com/developer/JDCTechTips/2005/tt0104.html], Daniel H. Steinberg, January 4, 2005. (2005)

\[Sun 03\] [Sun ONE Application Server 7 Performance Tuning Guide|http://docs.sun.com/source/817-2180-10/], Sun Microsystems, Inc. (2003)

\[Sun 06\] [Java™ Platform, Standard Edition 6 documentation|http://java.sun.com/javase/6/docs/index.html], Sun Microsystems, Inc. (2006)

\[Techtalk 07\] [The PhantomReference Menace. Attack of the Clone. Revenge of the Shift.|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2707.pdf], by Josh Bloch and William Pugh, JavaOne Conference. (2007)

\[Tutorials 08\] [The Java Tutorials|http://java.sun.com/docs/books/tutorial/index.html], Sun Microsystems, Inc. (2008)

\[Venners 03\] [Failure and Exceptions, A Conversation with James Gosling, Part II|http://www.artima.com/intv/solid.html], by Bill Venners. Artima.com. (2003)

\[W3C 08\] [Extensible Markup Language (XML) 1.0 (Fifth Edition)|http://www.w3.org/TR/REC-xml/#include-if-valid], W3C Recommendation, by Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler and François Yergeau. (2008)

\[Ware 08\] [Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools|http://peregrin.jmu.edu/~warems/securejavacode.html], Michael S. Ware. (2008)

\[Weber 09\] [Exploiting Unicode-enabled Software|http://www.lookout.net/wp-content/uploads/2009/03/chris_weber_exploiting-unicode-enabled-software-v15.pdf], by Chris Weber, Casaba Security. CanSecWest March 2009. (2009) 

\[Wheeler 03\] [Secure Programming for Linux and Unix HOWTO|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html], David A. Wheeler. (2003)

\[Zukowski 04\] [Java Developer Connection Tech Tips "Creating Custom Security Permissions"|http://java.sun.com/developer/JDCTechTips/2004/tt0518.html#2], John Zukowski, May 18, 2004. (2004)