Don’t Be Pwned: A Very Short Course on Secure Programming in Java
In this session, the developers of the CERT Oracle Secure Coding Standard for Java present a selection of real exploits that have compromised Java programs in the field. For each, they describe the core vulnerability exploited, present techniques for avoiding or repairing the vulnerability (including code examples), and discuss existing (or possible near-future) static analyses that can diagnose similar problems.
Authors:

Dean Sutherland

Dean F. Sutherland is a senior software security engineer at CERT. He is a coauthor of The CERT Oracle Secure Coding Standard for Java (Addison-Wesley, 2011). Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R
View more trainings by Dean Sutherland at https://www.parleys.com/author/dean-sutherland
Robert Seacord

Robert C. Seacord is the Secure Coding Initiative Technical Manager in the CERT Program of Carnegie Mellon's Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania, and project manager for the Software Developer Certification project. Robert is also a professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008) and coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), and The CERT Oracle Secure Coding Standard for Java (Addison-Wesley, 2011). He has also published more than 40 papers on software security, component-based software engineering, Web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert has been teaching Secure Coding in C and C++ to private industry, academia, and government since 2005. He started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He represents CMU at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.
View more trainings by Robert Seacord at https://www.parleys.com/author/robert-seacord