Secure code with 3rd Party Library
● Avoid rolling your own cryptographic code (read this to know why)
● Don't reinvent the wheel! - Always follow the DRY and KISS approach
● Less is better - Using tried-and-tested 3rd party libraries means you have
fewer things to worry about; your code will have fewer bugs.
Also read the secure coding guidelines from Oracle:
http://www.oracle.com/technetwork/java/seccodeguide-139067.html
Find the common mistakes developers make:
http://find-sec-bugs.github.io/bugs.htm
Secure code with 3rd Party Library
Some very common 3rd party libraries -
● Apache Commons Lang and IO
● Google Guava, to complement the Java Collections API
● Joda-Time library (for Java version <= 7)
● And many more
Some sample code snippets from our repository where we could have used 3rd
party library methods -
commons.lang.StringEscapeUtils
Before (hand-rolled escaper; note that '&' and '\'' pass through unescaped,
so the output is not safe to embed in XML attributes or text):
    StringBuilder result = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); ++i) {
        switch (value.charAt(i)) {
            case '<':
                result.append("&lt;");
                break;
            case '>':
                result.append("&gt;");
                break;
            case '"':
                result.append("&quot;");
                break;
            default:
                result.append(value.charAt(i));
                break;
        }
    }
    return result.toString();
After:
    // escapeXml is deprecated since commons-lang3 3.4; prefer escapeXml10 / escapeXml11
    return StringEscapeUtils.escapeXml(value);
Also hundreds of practical uses of String manipulation (join, replace,
conversion, etc.) from:
http://commons.apache.org/proper/commons-lang/javadocs/api-3.1/org/apache/commons/lang3/StringUtils.html
http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/util/StringUtils.html
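The point of the escaper slide is easy to miss in a code review, so here is an added example (not code from the original slides) that runs the slide's hand-rolled loop next to a reference escaper for all five predefined XML entities over constructed inputs, and reports which inputs the hand-rolled version leaves incompletely escaped. The class and method names are the example's own; in production code use StringEscapeUtils.escapeXml10 from commons-lang3 rather than either method here.

```java
import java.util.Arrays;
import java.util.List;

// Added example: compares the slide's hand-rolled XML escaper with a complete one.
// Neither is meant for production use; the library call is.
public class XmlEscapeCheck {

    // The loop from the slide, verbatim: only '<', '>' and '"' are handled.
    static String handRolled(String value) {
        StringBuilder result = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); ++i) {
            switch (value.charAt(i)) {
                case '<':  result.append("&lt;");   break;
                case '>':  result.append("&gt;");   break;
                case '"':  result.append("&quot;"); break;
                default:   result.append(value.charAt(i)); break;
            }
        }
        return result.toString();
    }

    // Reference escaper covering the five XML 1.0 predefined entities.
    // Each character is mapped exactly once, so an input that already contains
    // "&lt;" becomes "&amp;lt;" (no double-escaping ambiguity).
    static String complete(String value) {
        StringBuilder result = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); ++i) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  result.append("&amp;");  break;
                case '<':  result.append("&lt;");   break;
                case '>':  result.append("&gt;");   break;
                case '"':  result.append("&quot;"); break;
                case '\'': result.append("&apos;"); break;
                default:   result.append(c);        break;
            }
        }
        return result.toString();
    }

    // Returns true when both escapers agree on the input; otherwise prints the difference.
    static boolean agree(String input) {
        String a = handRolled(input);
        String b = complete(input);
        if (a.equals(b)) {
            return true;
        }
        System.out.println("input:       " + input);
        System.out.println("hand-rolled: " + a);
        System.out.println("complete:    " + b);
        return false;
    }

    public static void main(String[] args) {
        // Constructed inputs; the last three contain characters the slide's loop ignores.
        List<String> inputs = Arrays.asList(
            "plain text",
            "<b>bold</b>",
            "Tom & Jerry",
            "it's \"quoted\"",
            "&lt;already-escaped&gt;");
        int mismatches = 0;
        for (String s : inputs) {
            if (!agree(s)) {
                mismatches++;
            }
        }
        System.out.println(mismatches + " of " + inputs.size()
            + " inputs escaped incompletely by the hand-rolled loop");
    }
}
```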
org.apache.commons.io.IOUtils (similarly FileUtils)
Before:
    StringWriter sw = new StringWriter();
    PrintWriter out = new PrintWriter(sw);
    BufferedReader in = null;
    try {
        in = new BufferedReader(new FileReader(indexFile));
        String line = in.readLine();
        while (line != null) {
            out.println(line);
            line = in.readLine();
        }
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (Exception t) {
                log.warn("", t);
            } finally {
                in = null;
            }
        }
        out.close();
    }
After:
    StringWriter sw = new StringWriter();
    // IOUtils.copy does not close the reader; try-with-resources (Java 7+) still closes it
    try (Reader in = new FileReader(indexFile)) {
        IOUtils.copy(in, sw);
    }
More from:
https://commons.apache.org/proper/commons-io/bestpractices.html
org.joda.time.DateTime (or the Java 8 Date API)
Before:
    Calendar fromCal = Calendar.getInstance();
    fromCal.set(Calendar.DAY_OF_MONTH, 1);
    if (spec.getMonth() > 0) {
        fromCal.set(Calendar.MONTH, spec.getMonth() - 1);
    }
    if (spec.getYear() > 0) {
        fromCal.set(Calendar.YEAR, spec.getYear());
    }
    fromCal.set(Calendar.HOUR_OF_DAY, 0);
    fromCal.set(Calendar.MINUTE, 0);
    fromCal.set(Calendar.SECOND, 0);
    fromCal.set(Calendar.MILLISECOND, 0);
    Calendar toCal = Calendar.getInstance();
    if (spec.getMonth() > 0) {
        toCal.set(Calendar.MONTH, spec.getMonth() - 1);
    }
    toCal.set(Calendar.DAY_OF_MONTH,
            toCal.getActualMaximum(Calendar.DAY_OF_MONTH));
    if (spec.getYear() > 0) {
        toCal.set(Calendar.YEAR, spec.getYear());
    }
    toCal.set(Calendar.HOUR_OF_DAY, 0);
    toCal.set(Calendar.MINUTE, 0);
    toCal.set(Calendar.SECOND, 0);
    toCal.set(Calendar.MILLISECOND, 0);
After:
    // Joda-Time. This uses the current month; to honour spec's month/year as the
    // Calendar code does, apply .withYear(spec.getYear()) / .withMonthOfYear(spec.getMonth())
    // when they are > 0, before dayOfMonth().
    Date firstDayOfMonth = new DateTime().withTimeAtStartOfDay()
            .dayOfMonth().withMinimumValue()
            .toDate();
    Date lastDayOfMonth = new DateTime().withTimeAtStartOfDay()
            .dayOfMonth().withMaximumValue()
            .toDate();
More from:
http://stackoverflow.com/questions/589870/should-i-use-java-date-and-time-classes-or-go-with-a-3rd-party-library-like-joda
Google Guava: com.google.common.base.Splitter
Sample value: prop1=value1,prop2=value2,prop3=value3
Before:
    HashSet set = new HashSet();
    String property = Globals.getProperty(commaSepKeyVals);
    if (property != null && property.length() > 0) {
        Vector v = RegexUtil.split("/,/", property);
        set.addAll(v);
    }
    Iterator<String> iter = set.iterator();
    while (iter.hasNext()) {
        String paramFilterKeyVal = iter.next();
        String[] keyValue = paramFilterKeyVal.split("=");
        if (keyValue.length == 2) {
            filterMap.put(keyValue[0], keyValue[1]);
        }
    }
After:
    // Guava throws IllegalArgumentException for an entry without "=" (or a duplicate
    // key) and NullPointerException for a null property, where the old loop silently
    // skipped them; guard the null case and decide deliberately how to handle the rest.
    filterMap = Splitter.on(",").withKeyValueSeparator("=")
            .split(Globals.getProperty(commaSepKeyVals));
More from:
http://stackoverflow.com/questions/3759440/the-guava-library-for-java-what-are-its-most-useful-and-or-hidden-features
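The behavioural difference between the two Splitter slides deserves a concrete look, so here is an added example (not code from the original slides) that wraps Guava's MapSplitter in a parser which fails closed: a malformed filter string is rejected as a whole instead of being partially applied, which is what the old loop did by skipping entries without "=". It assumes Guava on the classpath; the class name, parseFilters() and the sample strings are the example's own, and the property value is passed in as a plain String rather than read via Globals.getProperty.

```java
import com.google.common.base.Splitter;
import java.util.Collections;
import java.util.Map;

// Added example: parsing "k=v,k=v" filter properties with Guava, failing closed on bad input.
public class FilterConfig {

    // Outer splitter tolerates surrounding whitespace and a trailing comma; the inner
    // splitter trims keys and values. Any entry without '=' or any duplicate key makes
    // split() throw IllegalArgumentException.
    static final Splitter.MapSplitter KEY_VALUES = Splitter.on(',')
            .trimResults()
            .omitEmptyStrings()
            .withKeyValueSeparator(Splitter.on('=').trimResults());

    // Returns the parsed filters, or throws IllegalArgumentException for malformed input.
    // An absent or blank property means "no filters", which is not an error.
    static Map<String, String> parseFilters(String commaSepKeyVals) {
        if (commaSepKeyVals == null || commaSepKeyVals.trim().isEmpty()) {
            return Collections.emptyMap();
        }
        return KEY_VALUES.split(commaSepKeyVals);   // immutable Map<String, String>
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String[] samples = {
            "prop1=value1,prop2=value2,prop3=value3",   // well-formed, as on the slide
            " prop1 = value1 , prop2=value2 , ",        // whitespace and trailing comma: accepted
            "prop1=value1,prop2,prop3=value3",          // entry without '=': rejected whole
            "prop1=a,prop1=b",                          // duplicate key: rejected whole
            null                                        // property not set: empty map
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parseFilters(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

With the old loop, the third sample would have quietly applied two of three filters; here the caller sees the exception and can log it and refuse to start with a half-applied filter set.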
Thanks
Naimul Huda
mdnhuda@gmail.com
