 
                            
[Abadi 96] Prudent Engineering Practice for Cryptographic Protocols, by Martin Abadi and Roger Needham, IEEE Transactions on Software Engineering Volume 22, Issue 1, Jan 1996 Page(s):6 - 15. (1996)
[API 06] Java Platform, Standard Edition 6 API Specification, Sun Microsystems, Inc. (2006)
[Austin 00] Advanced Programming for the Java 2 Platform, by Calvin Austin and Monica Pawlan, Addison Wesley Longman. (2000)
[Bea 08] Packaging WebLogic Server J2EE Applications (2008)
[Bloch 01] Effective Java, Programming Language Guide, by Joshua Bloch. Addison Wesley. (2001)
[Bloch 05] Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, by Joshua Bloch and Neal Gafter. Pearson Education, Inc. (2005)
[Bloch 05b] Yet More Programming Puzzlers, by Joshua Bloch and Neal Gafter. JavaOne Conference. (2005)
[Bloch 07] Effective Java™ Reloaded: This Time It's (not) for Real, by Joshua Bloch. JavaOne Conference. (2007)
[Bloch 08] Effective Java, 2nd edition, by Joshua Bloch, Addison Wesley. (2008)
[Bloch 09] Return of the Puzzlers: Schlock and Awe, by Joshua Bloch, Google Inc. and Neal Gafter, Microsoft Corporation. JavaOne Conference. (2009)
[Boehm 05] Finalization, Threads, and the Java™ Technology-Based Memory Model, by Hans-J. Boehm. JavaOne Conference. (2005)
[Campione 96] The Java Tutorial, by Mary Campione and Kathy Walrath (1996)
[CCITT 88] CCITT. CCITT Blue Book, Recommendation X.509 and ISO 9594-8: The Directory-Authentication Framework. Geneva. (1988)
[Chan 99] The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, second edition, Volume 1, by Patrick Chan, Rosanna Lee, Douglas Kramer. Prentice Hall. (1999)
[Chess 07] Secure Programming with Static Analysis, by Brian Chess and Jacob West. Addison-Wesley Professional. (2007)
[Christudas 05] Internals of Java Class Loading, ONJava. (2005)
[Conventions 09] Code Conventions for the Java Programming Language. Sun Microsystems, Inc. (2009)
[CVE 08] Common Vulnerability Exposure, MITRE Corporation. (2008)
[Coomes 07] Garbage Collection-Friendly Programming by John Coomes, Peter Kessler, Tony Printezis. Java SE Garbage Collection Group Sun Microsystems, Inc. JavaOne Conference. (2007)
[Core Java 04] Core Java™ 2 Volume I - Fundamentals, Seventh Edition by Cay S. Horstmann, Gary Cornell. Prentice Hall PTR. (2004)
[Cunningham 95] "The CHECKS Pattern Language of Information Integrity", Pattern Languages of Program Design, by Ward Cunningham, edited by James O Coplien and Douglas C Schmidt. Addison-Wesley. (1995)
[Daconta 00] When Runtime.exec() won't, by Michael C. Daconta, JavaWorld.com. (2000)
[Daconta 03] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)
[Unicode 08] Unicode Standard Annex #15, Unicode Normalization Forms, by Mark Davis and Martin Dürst. (2008)
[Unicode 08b] Unicode Technical Report #36, Unicode Security Considerations, by Mark Davis and Michel Suignard. (2008)
[Dormann 08] Signed Java Applet Security: Worse than ActiveX?, by Will Dormann. CERT Vulnerability Analysis Blog. (2008)
[Darwin 04] Java Cookbook, by Ian F. Darwin (2004)
[Doshi 03] Best Practices for Exception Handling by Gunjan Doshi. (2003)
[Eclipse 08] The Eclipse Platform (2008)
[Encodings 06] Supported Encodings, Sun Microsystems, Inc. (2006)
[Enterprise 03] Java Enterprise Best Practices, by the O'Reilly Java Authors. O'Reilly. (2003)
[ESA 05] Java Coding Standards, prepared by: European Space Agency (ESA) Board for Software Standardisation and Control (BSSC). (2005)
[FindBugs 08] FindBugs Bug Descriptions (2008)
[Fisher 03] JDBC API Tutorial and Reference, 3rd edition, by Maydene Fisher, Jon Ellis, and Jonathan Bruce, Prentice Hall, The Java Series. (2003)
[Flanagan 05] Java in a Nutshell, 5th edition, by David Flanagan, O'Reilly Media, Inc. (2005)
[Fortify 08] A Taxonomy of Coding Errors that Affect Security Java/JSP, Fortify Software. (2008)
[Fox 01] When is a Singleton not a Singleton?, by Joshua Fox, Sun Developer Network (SDN) (2001)
[FT 08] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions. (2008)
[Gamma 95] Design Patterns: Elements of Reusable Object-Oriented Software, by Erich Gamma, Richard Helm, Ralph Johnson, John M. Vlissides. Addison-Wesley Professional Computing Series. (1995)
[Garms 01] Professional Java Security, by Jess Garms and Daniel Somerfield. Wrox Press Ltd. (2001)
[Goetz 02] Java theory and practice: Don't let the "this" reference escape during construction, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2002)
[Goetz 04] Java theory and practice: Garbage collection and performance, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 04b] Java theory and practice: The exceptions debate: To check, or not to check?, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 05] Java theory and practice: Be a good (event) listener, Guidelines for writing and supporting event listeners, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)
[Goetz 05b] Java theory and practice: Plugging memory leaks with weak references, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)
[Goetz 06] Java Concurrency in Practice, by Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, Doug Lea. Addison Wesley Professional. (2006)
[Goetz 06b] Java theory and practice: Good housekeeping practices, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2006)
[Goldberg 91] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, Inc. March 1991. (1991)
[Gong 03] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)
[Greanier 00] Discover the secrets of the Java Serialization API, by Todd Greanier, Sun Developer Network (SDN). (2000)
[Green 08] Canadian Mind Products Java & Internet Glossary by Roedy Green. (2008)
[Grosso 01] Java RMI, by William Grosso. O'Reilly. (2001)
[Gupta 05] Java memory leaks - Catch me if you can, by Satish Chandra Gupta and Rajeev Palanki. (2005)
[Haack 06] Immutable Objects in Java, by Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert. (2006)
[Haggar 00] Practical Java™ Programming Language Guide, by Peter Haggar. Addison-Wesley Professional. (2000)
[Halloway 00] Java Developer Connection Tech Tips, March 28, 2000, by Stuart Halloway.
[Halloway 01] Java Developer Connection Tech Tips, January 30, 2001, by Stuart Halloway.
[Harold 97] Java Secrets by Elliotte Rusty Harold. Wiley. (1997)
[Harold 99] Java I/O, by Elliotte Rusty Harold. O'REILLY. (1999)
[Harold 06] Java I/O, by Elliotte Rusty Harold (2nd Edition). O'Reilly. (2006)
[Hawtin 08] Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities by Thomas Hawtin, Sun Microsystems, Inc. Make it Fly 2008, London. (2008)
[Henney 03] Null Object, Something for Nothing, by Kevlin Henney (2003)
[Hitchens 02] Java™ NIO, by Ron Hitchens. O'Reilly. (2002)
[Hornig 07] Advanced Java™ Globalization, by Charles Hornig, Globalization Architect, IBM Corporation. JavaOne Conference. (2007)
[Hovemeyer 07] Finding more null pointer bugs, but not too many, by David Hovemeyer and William Pugh. Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. (2007)
[Hunt 98] Java's reliability: an analysis of software defects in Java, by J. Hunt and F. Long. Software IEE Proceedings. (1998)
[J2SE 00] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, Inc. J2SE Documentation version 1.3, Sun Microsystems, Inc. (2000)
[JarSpec 08] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, Inc. (2000)
[Java 06] java - the Java application launcher, Sun Microsystems, Inc. (2006)
[Java2NS 99] Java 2 Network Security, by Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani. IBM Corporation. (1999)
[JavaGenerics 04] http://java.sun.com/j2se/1.5.0/docs/guide/language/generics.html, Sun Microsystems, Inc. (2004)
[JavaThreads 99] Java Threads (2nd Edition), by Scott Oaks and Henry Wong. O'REILLY. (1999)
[JavaThreads 04] Java Threads (3rd Edition), by Scott Oaks and Henry Wong. O'REILLY. (2004)
[JDK7 08] Java™ Platform, Standard Edition 7 documentation, Sun Microsystems, Inc., 19 Dec 2008. (2008)
[JLS 05] Java Language Specification, 3rd edition, by James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. Prentice Hall, The Java Series. The Java Language Specification. (2005)
[JPL 05] The Java™ Programming Language, Fourth Edition, by Ken Arnold, James Gosling, David Holmes. Addison Wesley Professional. (2005)
[JMX 06] Monitoring and Management for the Java Platform, Sun Microsystems, Inc. (2006)
[JMXG 06] Java SE Monitoring and Management Guide, Sun Microsystems, Inc. (2006)
[JNI 06] Java Native Interface, Sun Microsystems, Inc. (2006)
[JPDA 04] Java Platform Debugger Architecture (JPDA), Sun Microsystems, Inc. (2004)
[JVMTI 06] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, Inc. (2006)
[JVMSpec 99] The Java Virtual Machine Specification, Sun Microsystems, Inc. (1999)
[Kabanov 09] The Ultimate Java Puzzler by Jevgeni Kabanov, Core developer of JavaRebel. February 16th, 2009. (2009)
[Kabutz 01] The Java Specialists' Newsletter, by Dr. Heinz M. Kabutz. (2001)
[Kalinovsky 04] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky. SAMS Publishing. (2004)
[Knoernschild 01] Java™ Design: Objects, UML, and Process, by Kirk Knoernschild. Addison-Wesley Professional. (2001)
[Lai 08] Java Insecurity: Accounting for Subtleties That Can Compromise Code, by Charlie Lai, Sun Microsystems (2008)
[Langer 08] http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html, Angelika Langer. (2008)
[Lea 00] Concurrent Programming in Java, 2nd edition, by Doug Lea. Addison Wesley, Sun Microsystems, Inc. (2000)
[Lea 00b] Correct and Efficient Synchronization of Java™ Technology based Threads, by Doug Lea and William Pugh. JavaOne Conference. (2000)
[Lee 09] Robust and Scalable Concurrent Programming: Lessons from the Trenches, by Sangjin Lee, Mahesh Somani, & Debashis Saha, eBay Inc. JavaOne Conference. (2009)
[Liang 97] The Java™ Native Interface, Programmer's Guide and Specification, by Sheng Liang. ADDISON-WESLEY. (1997)
[Liang 98] Dynamic Class Loading in the Java™ Virtual Machine, by Sheng Liang and Gilad Bracha. Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. (1998)
[Lieberman 86] Using prototypical objects to implement shared behavior in object-oriented systems. In: Conference proceedings on Object-oriented programming systems, languages and applications. Portland 1986, p. 214-223 ISSN 0362-1340, by Henry Lieberman, Massachusetts Institute of Technology. (1986)
[Long 05] Software Vulnerabilities in Java, by Fred Long, CMU/SEI-2005-TN-044. (2005)
[Lo 05] Security Issues in Garbage Collection, by Dr. Chia-Tien Dan Lo, University of Texas at San Antonio, Dr. Witawas Srisa-an, University of Nebraska at Lincoln, Dr. J. Morris Chang, Iowa State University. STSC Crosstalk, October 2005 issue. (2005)
[Low 97] Protecting Java Code via Obfuscation, by Douglas Low. (1997)
[Macgregor 98] Java Network Security, by Robert Macgregor, Dave Durbin, John Owlett and Andrew Yeomans. Prentice Hall. (1998)
[Mak 02] Java Number Cruncher, The Java Programmer's Guide to Numerical Computing, by Ronald Mak. Prentice Hall. (2002)
[Martin 96] Granularity, by Robert C. Martin. (1996)
[McCluskey 01] Java Developer Connection Tech Tips, by Glen McCluskey, April 10, 2001. (2001)
[McGraw 00] Securing Java, Getting Down to Business with Mobile Code, by Gary McGraw and Edward W. Felten. Wiley. (1999)
[Mcgraw 98] Twelve rules for developing more secure Java code, Gary Mcgraw and Edward Felten, JavaWorld.com. (1998)
[Miller 09] Java™ Platform Concurrency Gotchas, by Alex Miller, Terracotta. JavaOne Conference. (2009)
[MITRE 09] Common Weakness Enumeration, MITRE Corporation. (2009)
[Mocha 07] Mocha, the Java Decompiler (2007)
[Monsch 06] Ruining Security with java.util.Random Version 1.0, by Jan P. Monsch. (2006)
[MSDN 09] Using SQL Escape Sequences, Microsoft Corporation. (2009)
[Muchow 01] MIDlet Packaging with J2ME, by John W. Muchow (2001)
[Müller 02] Exception Handling: Common Problems and Best Practice with Java 1.4 by Dr. Andreas Müller and Geoffrey Simmons, Sun Microsystems GmbH. (2002)
[Naftalin 06] Java Generics and Collections, Maurice Naftalin and Philip Wadler, O'Reilly (2006)
[Naftalin 06b] Java™ Generics and Collections: Tools for Productivity, by Maurice Naftalin, Morningside Light Ltd, Philip Wadler, University of Edinburgh. JavaOne Conference (2007)
[Neward 04] Effective Enterprise Java, by Ted Neward. Addison Wesley Professional. (2004)
[Nisewanger 07] Avoiding Antipatterns, by Jeff Nisewanger, JavaOne Conference (2007)
[Nolan 04] Decompiling Java, by Godfrey Nolan, Apress. (2004)
[Oaks 01] Java Security, by Scott Oaks. O'REILLY. (2001)
[OWASP 05] A Guide to Building Secure Web Applications and Web Services. The Open Web Application Security Project. (2005)
[OWASP 07] OWASP TOP 10 FOR JAVA EE. The Open Web Application Security Project. (2007)
[OWASP 08] OWASP. (2008)
[Patterns 02] Patterns in Java, Volume 1, Second Edition, by Mark Grand. Wiley. (2002)
[Permissions 08] Permissions in the Java™ SE 6 Development Kit (JDK), Sun Microsystems, Inc. (2008)
[Philion 03] Beware the dangers of generic Exceptions, by Paul Philion, JavaWorld.com. (2003)
[Phillips 05] Are We Counting Bytes Yet? at the 27th Internationalization and Unicode Conference, by Addison P. Phillips. webMethods, Inc. (2005)
[Pistoia 04] Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Addison Wesley. (2004)
[Policy 02] Default Policy Implementation and Policy File Syntax, Document revision 1.6, Sun Microsystems, Inc. (2002)
[Pugh 08] Defective Java Code: Turning WTF Code into a Learning Experience, by William Pugh, Univ. of Maryland. JavaOne Conference. (2008)
[Pugh 04] The Java Memory Model (discussions reference) by William Pugh, Univ. of Maryland. (2004)
[Pugh 09] Defective Java Code: Mistakes That Matter, by William Pugh, Univ. of Maryland. JavaOne Conference. (2009)
[Reasoning 03] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, Reasoning. 14 Nov 2003. (2003)
[Reflect 06] Reflection, Sun Microsystems, Inc. (2006)
[Rotem 08] Fallacies of Distributed Computing Explained, by Arnon Rotem-Gal-Oz. (2008)
[Roubtsov 03] Breaking Java exception-handling rules is easy, by Vladimir Roubtsov, JavaWorld.com. (2003)
[Roubtsov 03b] Into the mist of serialization myths, by Vladimir Roubtsov, JavaWorld.com. (2003)
[Schneier 00] Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons. (2000)
[SCG 07] Secure Coding Guidelines for the Java Programming Language, version 2.0, Sun Microsystems, Inc. (2007)
[Schildt 07] Herb Schildt's Java Programming Cookbook, Herb Schildt, McGraw-Hill (2007)
[Schwarz 04] Avoiding Checked Exceptions, by Don Schwarz, ONJava (2004)
[Schoenefeld 04] Java Vulnerabilities in Opera 7.54 BUGTRAQ Mailing List (bugtraq@securityfocus.com), Nov 2004. (2004)
[Schweisguth 03] Java Tip 134: When catching exceptions, don't cast your net too wide, by Dave Schweisguth. Javaworld.com. (2003)
[Seacord 05] Seacord, Robert C. Secure Coding in C and C++. Boston, MA: Addison-Wesley. (2005)
[SecArch 06] Java 2 Platform Security Architecture, Sun Microsystems, Inc. (2006)
[Security 06] Java Security Guides, Sun Microsystems, Inc. (2006)
[SecuritySpec 08] http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html, Sun Microsystems, Inc. (2008)
[Steel 05] Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, by Christopher Steel, Ramesh Nagappan and Ray Lai. Prentice Hall PTR / Sun Microsystems, Inc. (2005)
[Sterbenz 06] Secure Coding Antipatterns: Avoiding Vulnerabilities, by Andreas Sterbenz and Charlie Lai, Sun Microsystems. JavaOne Conference. (2006)
[Steuck 02] XXE (Xml eXternal Entity) attack, by Gregory Steuck (www.securityfocus.com). (2002)
[SDN 08] SUN Developer Network, Sun Microsystems, Inc. (1994-2008)
[Sen 07] Avoid the dangers of XPath injection, by Robi Sen, IBM developerWorks. (2007)
[Steinberg 05] Java Developer Connection Tech Tips "Using the Varargs Language Feature", Daniel H. Steinberg, January 4, 2005. (2005)
[Sun 03] Sun ONE Application Server 7 Performance Tuning Guide, Sun Microsystems, Inc. (2003)
[Sun 06] Java™ Platform, Standard Edition 6 documentation, Sun Microsystems, Inc. (2006)
[Techtalk 07] The PhantomReference Menace. Attack of the Clone. Revenge of the Shift., by Josh Bloch and William Pugh, JavaOne Conference. (2007)
[Tomcat 09] Tomcat documentation, Changelog and Security fixes, the Apache Software Foundation. (2009)
[Tutorials 08] The Java Tutorials, Sun Microsystems, Inc. (2008)
[Venners 03] Security and the class loader architecture Java World.com, by Bill Venners. (1997)
[Venners 03] Failure and Exceptions, A Conversation with James Gosling, Part II, by Bill Venners. Artima.com. (2003)
[W3C 08] Extensible Markup Language (XML) 1.0 (Fifth Edition), W3C Recommendation, by Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler and François Yergeau. (2008)
[Ware 08] Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools, Michael S. Ware. (2008)
[Weber 09] Exploiting Unicode-enabled Software, by Chris Weber, Casaba Security. CanSecWest March 2009. (2009)
[Wheeler 03] Secure Programming for Linux and Unix HOWTO, David A. Wheeler. (2003)
[Zukowski 04] Java Developer Connection Tech Tips "Creating Custom Security Permissions", John Zukowski, May 18, 2004. (2004)