12 rules for writing safer Java
Chapter 7 of Securing Java
1. don’t depend on initialization
2. limit access to entities
4. don’t depend on package scope
5. don’t use inner classes
6. avoid signing your code
7. put all signed code in one archive
8. make classes uncloneable
9. make classes unserializable
10. make classes undeserializable
11. don’t compare classes by name