A group of secure-programming experts plans a series of documents that outline the skills coders need to write Web applications that are better able to withstand attacks.

"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using Java programming language. InfoQ spoke with book authors on how these rules can help Java developers.

CERT Secure Coding team, part of the Software Engineering Institute at Carnegie Mellon University, have recently released secure coding guidelines specific to Java's application in the Android ...

Secure coding: Prevent unauthorized access through path traversal (CWE-22) CWE-22 describes the improper modification of a path name to a restricted directory. How can the vulnerability be addressed?

Not every application is secure by design, which is why developers must be aware of secure coding guidelines and implement secure coding practices when they build software.

Plain text passwords waiting to be hacked Developers are still coding plain text passwords into their applications. Sometimes plain text passwords appear in the source code. Sometimes they’re stored ...

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.

This article will show how to implement such a Java agent, which transparently will add entry and exit logging to all methods in all your classes with the standard Java Logging API. The example ...