Contents
1. Limit the lifetime of sensitive data
2. Do not store unencrypted sensitive information on the client side
3. Provide sensitive mutable classes with unmodifiable wrappers
4. Ensure that security-sensitive methods are called with validated arguments
5. Prevent arbitrary file upload
6. Properly encode or escape output
10. Do not use the clone() method to copy untrusted method parameters
11. Do not use Object.equals() to compare cryptographic keys
12. Do not use insecure or weak cryptographic algorithms
Get Java™ Coding Guidelines: 75 Recommendations for Reliable and Secure Programs now with the O’Reilly learning platform.