Tuesday, October 2, 2007

Secure Coding Guide for Java



Sun offers on its official website a guide to secure development best practices in Java (in English).


Contents of the guide:
1. Accessibility and Extensibility
- Guideline 1-1 Limit the accessibility of classes, interfaces, methods, and fields
- Guideline 1-2 Limit the extensibility of classes and methods
- Guideline 1-3 Understand how a superclass can affect subclass behavior

2. Input and Output Parameters
- Guideline 2-1 Create a copy of mutable inputs and outputs
- Guideline 2-2 Support copy functionality for a mutable class
- Guideline 2-3 Validate inputs

3. Classes
- Guideline 3-1 Treat public static fields as constants
- Guideline 3-2 Define wrapper methods around modifiable internal state
- Guideline 3-3 Define wrappers around native methods
- Guideline 3-4 Purge sensitive information from exceptions

4. Object Construction
- Guideline 4-1 Prevent the unauthorized construction of sensitive classes
- Guideline 4-2 Defend against partially initialized instances of non-final classes
- Guideline 4-3 Prevent constructors from calling methods that can be overridden

5. Serialization and Deserialization
- Guideline 5-1 Guard sensitive data during serialization
- Guideline 5-2 View deserialization the same as object construction
- Guideline 5-3 Duplicate the SecurityManager checks enforced in a class during serialization and deserialization

6. Standard APIs
- Guideline 6-1 Safely invoke java.security.AccessController.doPrivileged
- Guideline 6-2 Safely invoke standard APIs that bypass SecurityManager checks depending on the immediate caller's class loader
- Guideline 6-3 Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance
- Guideline 6-4 Be aware of standard APIs that perform Java language access checks against the immediate caller


Guide: Secure Coding Guidelines for the Java Programming Language, version 2.0
Related article: Securing Your Java Applications - Acegi Security Style
