Erika Barron, profile picture
Uploaded byErika Barron
PPTX, PDF573 views

12 Days of Coding Errors

The document discusses common software issues and how to prevent them. It covers overloaded systems, text editors, accidental assignments, plaintext passwords, SQL injection, unstable builds, memory errors, unhandled exceptions, race conditions, false positives, memory leaks, and null pointers. The presentation provides tips on testing components in isolation, using modern editors to reduce bugs, encrypting sensitive data, validating user input to prevent SQL injection, making builds repeatable, handling exceptions properly, and avoiding null pointers.

Embed presentation

Download to read offline
Arthur Hicken – Parasoft 2013-12-20 December 2013 Parasoft © 2013 1
GoToWebinar Housekeeping Your Participation Open and hide your control panel Join audio: • Choose “Mic & Speakers” to use VoIP • Choose “Telephone” and dial using the information provided Submit questions and comments via the Questions panel Note: Today’s presentation is being recorded and will be provided within a week. Parasoft © 2013 2
1 Overloaded System  Know the load you need  Normal  Peak  Test before deploying  Isolate each component  Service Virtualization Parasoft © 2013 3
2 Text Editors Text editors • VI • Emacs Modern editors: • Save Time • Reduce bugs • Increase understanding Parasoft © 2013 4
Results where they’re needed  Email is not an IDE  Browser is not an IDE Tasks Automatically Distributed Parasoft © 2013 5
3 accidental assignments  if (a = b) {}  If a.equals(b){ Parasoft © 2013 6
4 Plaintext Passwords Sensitive data should be encrypted Enforce reasonable passwords Sending Storing Parasoft © 2013 7
5 SQLi Common Easy to exploit Easy to prevent Data validation Stored procedures Parasoft © 2013 8
6 Unstable builds Non-repeatable builds Human steps required Artifacts not all under control Environment not under control Parasoft © 2013 9
7 Memory Errors        Overwrites Read overflow Write overflow Lucky pointers Uninitialized memory Buffer underrun Dangling references Parasoft © 2013 10
8 Unhandled exceptions  When to handle, when to re-throw  Run-time vs compile-time checking  Empty handlers Parasoft © 2013 11
9 Race Conditions  Hard to find  Hard to reproduce  Careful API use Parasoft © 2013 12
10 False Positives Proper Configuration Proper Rules Leaving noise leads to missing issues Proper Suppressions Parasoft © 2013 13
Doing too much Too many rules Too much code Unimportant rules Parasoft © 2013 14
11 Memory Leaks     All software leaks Resources, not just memory Proper API use Runtime debugger with good test suite Parasoft © 2013 15
12 Null Pointers Affect stability Important for APIs Can be prevented Parasoft © 2013 16
The Whole List  1 - Overloaded system  2 - Text editors  3 - Accidental assignments  4 – Plaintext passwords  5 – SQLi  6 – Unstable builds Parasoft © 2013  7 – Memory errors  8 – Unhandled exceptions  9 – Race conditions  10 – False positives  11 - Memory leaks  12 - Null pointers 17
Next  Coming in January  New Years resolutions for Software Development Parasoft © 2013 18
 Web  http://www.parasoft.com/jsp/resources  Blog  http://alm.parasoft.com  Social  Facebook: https://www.facebook.com/parasoftcorporation  Twitter: @Parasoft @MustRead4Dev  LinkedIn: http://www.linkedin.com/company/parasoft  Google+ Community: Static Analysis for Fun and Profit Parasoft © 2013 19

More Related Content

PDF
Careful - APIs Inside: Testing and Monitoring for App Development
by3scale
 
PDF
Monitoring your API
byAndrés F Vargas
 
PDF
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
PPT
Thriving in the Shark Tank: How Vebalizeit Load Tested with SOASTA
bySOASTA
 
PDF
Automating OWASP Tests in your CI/CD
byrkadayam
 
PPTX
Integrating Security into DevOps
byCloudPassage
 
PDF
5 Steps to Detecting Issues Earlier in Your Release Cycles
byPerfecto by Perforce
 
PDF
OWASP DefectDojo - Open Source Security Sanity
byMatt Tesauro
 
Careful - APIs Inside: Testing and Monitoring for App Development
by3scale
 
Monitoring your API
byAndrés F Vargas
 
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
Thriving in the Shark Tank: How Vebalizeit Load Tested with SOASTA
bySOASTA
 
Automating OWASP Tests in your CI/CD
byrkadayam
 
Integrating Security into DevOps
byCloudPassage
 
5 Steps to Detecting Issues Earlier in Your Release Cycles
byPerfecto by Perforce
 
OWASP DefectDojo - Open Source Security Sanity
byMatt Tesauro
 

What's hot

ODP
OWASP WTE - Now in the Cloud!
byMatt Tesauro
 
PPTX
New relic
byShubhani Jain
 
PPTX
Accelerate Web and Mobile Testing for Continuous Integration and Delivery
bySOASTA
 
PPTX
Test at Scale within your Internal Networks with BrowserStack Local Testing
byBrowserStack
 
PDF
OSMC 2015: Monitoring at Spotify-When things go ping in the night by Martin Parm
byNETWAYS
 
ODP
Making security-agile matt-tesauro
byMatt Tesauro
 
PPTX
Security testautomation
byLinkesh Kanna Velu
 
PPTX
AppSec Pipeline - Velcocity NY 2015
byMatt Tesauro
 
PPTX
DevOps AppSec Pipeline Velcocity NY 2015
byAaron Weaver
 
PDF
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
byMatt Tesauro
 
PDF
LogmaticPresentation
bylogmatic.io
 
PDF
Security as Code: DOES15
byEd Bellis
 
PDF
Intro to DefectDojo at OWASP Switzerland
byMatt Tesauro
 
PPTX
Cloud Platforms for Java
by3Pillar Global
 
PPTX
Inspector
bySudipto Chakraborty
 
PPTX
Compliance as Code - Using the Open Source InSpec testing Framework
bySonatype
 
PPTX
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
byAndreas Grabner
 
PPTX
D3NY17- Using IncapRules to Customize Security
byImperva Incapsula
 
PPTX
AppSec Pipeline Reference Architecture
byAaron Weaver
 
PDF
DAST in CI/CD pipelines using Selenium & OWASP ZAP
bysrini0x00
 
OWASP WTE - Now in the Cloud!
byMatt Tesauro
 
New relic
byShubhani Jain
 
Accelerate Web and Mobile Testing for Continuous Integration and Delivery
bySOASTA
 
Test at Scale within your Internal Networks with BrowserStack Local Testing
byBrowserStack
 
OSMC 2015: Monitoring at Spotify-When things go ping in the night by Martin Parm
byNETWAYS
 
Making security-agile matt-tesauro
byMatt Tesauro
 
Security testautomation
byLinkesh Kanna Velu
 
AppSec Pipeline - Velcocity NY 2015
byMatt Tesauro
 
DevOps AppSec Pipeline Velcocity NY 2015
byAaron Weaver
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
byMatt Tesauro
 
LogmaticPresentation
bylogmatic.io
 
Security as Code: DOES15
byEd Bellis
 
Intro to DefectDojo at OWASP Switzerland
byMatt Tesauro
 
Cloud Platforms for Java
by3Pillar Global
 
Inspector
bySudipto Chakraborty
 
Compliance as Code - Using the Open Source InSpec testing Framework
bySonatype
 
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
byAndreas Grabner
 
D3NY17- Using IncapRules to Customize Security
byImperva Incapsula
 
AppSec Pipeline Reference Architecture
byAaron Weaver
 
DAST in CI/CD pipelines using Selenium & OWASP ZAP
bysrini0x00
 

Viewers also liked

PDF
26 Time Management Hacks I Wish I'd Known at 20
byÉtienne Garbugli
 
PPTX
Travel Massive May Meetup ft Travelabulous
byNicole Wharry
 
PPSX
Practicadepowerpoint feliperivas
byDkee
 
ODP
Rosalind 01
byndrsvictor
 
PDF
Piano aria regione sicilia audizioni in commissione territorio ambiente inter...
byPino Ciampolillo
 
PPTX
Konsep pemanfaatan dapodik ptk dikdas jakarta 19082013
byHadi Wuryanto
 
PPTX
Matemati̇k sorulari
byIrmak Altınok
 
PDF
Evaluación De Diferentes Fuentes De Minerales Para La Regulación Del Ph Y Con...
byElKanahán Rodríguez
 
DOC
Sourdough Bread-making 101 with Tegan Wong-Daugherty & Speerville Flour Mill
byacornorganic
 
PDF
STUDY GUIDE UNCSD
byZain Azzaino
 
DOCX
AIRGAS DOCUMENT
bySusan Lenards
 
PDF
Want to fundamentally change the growth trajectory of your business? Click he...
bysdiec
 
PPT
FlexLine - Интуитивно просто
byA_Nikolay
 
PPS
Siempre lo mejor
byjose cruz
 
PDF
Cv 013 haye
byGrégoire Le Doaré
 
PPTX
Richard dyer star theory
byNatasha Newman
 
PPTX
Hypodermic needle
byNatasha Newman
 
PDF
Why do you need gmat coaching in gurgaon
bymnemoniceducation
 
PDF
Silicon Importance on Aliviating Biotic and Abiotic Stress on Sugarcane
byCTBE - Brazilian Bioethanol Sci&Tech Laboratory
 
PPTX
Alexander graham bell powerpoint slide
bylamle103
 
26 Time Management Hacks I Wish I'd Known at 20
byÉtienne Garbugli
 
Travel Massive May Meetup ft Travelabulous
byNicole Wharry
 
Practicadepowerpoint feliperivas
byDkee
 
Rosalind 01
byndrsvictor
 
Piano aria regione sicilia audizioni in commissione territorio ambiente inter...
byPino Ciampolillo
 
Konsep pemanfaatan dapodik ptk dikdas jakarta 19082013
byHadi Wuryanto
 
Matemati̇k sorulari
byIrmak Altınok
 
Evaluación De Diferentes Fuentes De Minerales Para La Regulación Del Ph Y Con...
byElKanahán Rodríguez
 
Sourdough Bread-making 101 with Tegan Wong-Daugherty & Speerville Flour Mill
byacornorganic
 
STUDY GUIDE UNCSD
byZain Azzaino
 
AIRGAS DOCUMENT
bySusan Lenards
 
Want to fundamentally change the growth trajectory of your business? Click he...
bysdiec
 
FlexLine - Интуитивно просто
byA_Nikolay
 
Siempre lo mejor
byjose cruz
 
Cv 013 haye
byGrégoire Le Doaré
 
Richard dyer star theory
byNatasha Newman
 
Hypodermic needle
byNatasha Newman
 
Why do you need gmat coaching in gurgaon
bymnemoniceducation
 
Silicon Importance on Aliviating Biotic and Abiotic Stress on Sugarcane
byCTBE - Brazilian Bioethanol Sci&Tech Laboratory
 
Alexander graham bell powerpoint slide
bylamle103
 

Similar to 12 Days of Coding Errors

PPTX
BUSTED! How to Find Security Bugs Fast!
byParasoft
 
PDF
Best Practices of Static Code Analysis in the SDLC
byParasoft_Mitchell
 
PDF
How to Select a Static Analysis Tool
byParasoft_Mitchell
 
PDF
EuroSPI 2016 - Software Safety and Security Through Standards
byArthur Hicken
 
PDF
Software Safety and Security Through Standards
byParasoft
 
PDF
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
byParasoft
 
PDF
Parasoft fda software compliance part2
byEngineering Software Lab
 
PPTX
How to Avoid Continuously Delivering Faulty Software
byParasoft
 
PDF
Java Defects
byErika Barron
 
PDF
Driving Risks Out of Embedded Automotive Software
byParasoft
 
PDF
Software Development Graveyard
byErika Barron
 
PDF
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...
byPROIDEA
 
PDF
Real World Static Analysis Boot Camp
byErika Barron
 
PDF
chapter1 software engineering slides.pdf
byssuser912955
 
PDF
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
byDenim Group
 
PDF
ABC's of Service Virtualization
byParasoft
 
PDF
Java Code Review Checklist
byMahesh Chopker
 
PDF
Rolling Out An Enterprise Source Code Review Program
byDenim Group
 
PPT
Software Security in the Real World
byMark Curphey
 
PPTX
Eirtight writing secure code
byKieran Dundon
 
BUSTED! How to Find Security Bugs Fast!
byParasoft
 
Best Practices of Static Code Analysis in the SDLC
byParasoft_Mitchell
 
How to Select a Static Analysis Tool
byParasoft_Mitchell
 
EuroSPI 2016 - Software Safety and Security Through Standards
byArthur Hicken
 
Software Safety and Security Through Standards
byParasoft
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
byParasoft
 
Parasoft fda software compliance part2
byEngineering Software Lab
 
How to Avoid Continuously Delivering Faulty Software
byParasoft
 
Java Defects
byErika Barron
 
Driving Risks Out of Embedded Automotive Software
byParasoft
 
Software Development Graveyard
byErika Barron
 
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...
byPROIDEA
 
Real World Static Analysis Boot Camp
byErika Barron
 
chapter1 software engineering slides.pdf
byssuser912955
 
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
byDenim Group
 
ABC's of Service Virtualization
byParasoft
 
Java Code Review Checklist
byMahesh Chopker
 
Rolling Out An Enterprise Source Code Review Program
byDenim Group
 
Software Security in the Real World
byMark Curphey
 
Eirtight writing secure code
byKieran Dundon
 

More from Erika Barron

PDF
Parasoft PIE infographic
byErika Barron
 
PDF
Parasoft Case Study: Wipro
byErika Barron
 
PDF
Are Your Continuous Tests Too Fragile for Agile?
byErika Barron
 
PPTX
Service Virtualization: Delivering Complex Test Environments on Demand
byErika Barron
 
PDF
How the Cloud Shifts the Burden of Security to Development
byErika Barron
 
PPTX
Static Analysis and the FDA Guidance for Medical Device Software
byErika Barron
 
PPTX
Creating Complete Test Environments in the Cloud
byErika Barron
 
PPTX
How To Avoid Continuously Delivering Faulty Software
byErika Barron
 
PDF
APIs Gone Wild - Star West 2013
byErika Barron
 
PPTX
Cloud migration slides
byErika Barron
 
PPT
Complex End-to-End Testing
byErika Barron
 
PDF
How the Grinch Stole Software Testing
byErika Barron
 
PDF
Service Virtualization
byErika Barron
 
PPT
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
byErika Barron
 
PPT
Beyond Static Analysis: Integrating Java Static Analysis with Unit Testing an...
byErika Barron
 
PPT
The Development Graveyard: How Software Projects Die
byErika Barron
 
PDF
Beyond Static Analysis: Integrating C and C++ Static Analysis with Unit Testi...
byErika Barron
 
Parasoft PIE infographic
byErika Barron
 
Parasoft Case Study: Wipro
byErika Barron
 
Are Your Continuous Tests Too Fragile for Agile?
byErika Barron
 
Service Virtualization: Delivering Complex Test Environments on Demand
byErika Barron
 
How the Cloud Shifts the Burden of Security to Development
byErika Barron
 
Static Analysis and the FDA Guidance for Medical Device Software
byErika Barron
 
Creating Complete Test Environments in the Cloud
byErika Barron
 
How To Avoid Continuously Delivering Faulty Software
byErika Barron
 
APIs Gone Wild - Star West 2013
byErika Barron
 
Cloud migration slides
byErika Barron
 
Complex End-to-End Testing
byErika Barron
 
How the Grinch Stole Software Testing
byErika Barron
 
Service Virtualization
byErika Barron
 
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
byErika Barron
 
Beyond Static Analysis: Integrating Java Static Analysis with Unit Testing an...
byErika Barron
 
The Development Graveyard: How Software Projects Die
byErika Barron
 
Beyond Static Analysis: Integrating C and C++ Static Analysis with Unit Testi...
byErika Barron
 

Recently uploaded

PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Workflow and decision Automation with Flowable
bychakib ch
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 

12 Days of Coding Errors

  • 1.
    Arthur Hicken –Parasoft 2013-12-20 December 2013 Parasoft © 2013 1
  • 2.
    GoToWebinar Housekeeping Your Participation Openand hide your control panel Join audio: • Choose “Mic & Speakers” to use VoIP • Choose “Telephone” and dial using the information provided Submit questions and comments via the Questions panel Note: Today’s presentation is being recorded and will be provided within a week. Parasoft © 2013 2
  • 3.
    1 Overloaded System Know the load you need  Normal  Peak  Test before deploying  Isolate each component  Service Virtualization Parasoft © 2013 3
  • 4.
    2 Text Editors Texteditors • VI • Emacs Modern editors: • Save Time • Reduce bugs • Increase understanding Parasoft © 2013 4
  • 5.
    Results where they’reneeded  Email is not an IDE  Browser is not an IDE Tasks Automatically Distributed Parasoft © 2013 5
  • 6.
    3 accidental assignments if (a = b) {}  If a.equals(b){ Parasoft © 2013 6
  • 7.
    4 Plaintext Passwords Sensitivedata should be encrypted Enforce reasonable passwords Sending Storing Parasoft © 2013 7
  • 8.
    5 SQLi Common Easy toexploit Easy to prevent Data validation Stored procedures Parasoft © 2013 8
  • 9.
    6 Unstable builds Non-repeatable builds Humansteps required Artifacts not all under control Environment not under control Parasoft © 2013 9
  • 10.
    7 Memory Errors        Overwrites Readoverflow Write overflow Lucky pointers Uninitialized memory Buffer underrun Dangling references Parasoft © 2013 10
  • 11.
    8 Unhandled exceptions When to handle, when to re-throw  Run-time vs compile-time checking  Empty handlers Parasoft © 2013 11
  • 12.
    9 Race Conditions Hard to find  Hard to reproduce  Careful API use Parasoft © 2013 12
  • 13.
    10 False Positives Proper Configuration ProperRules Leaving noise leads to missing issues Proper Suppressions Parasoft © 2013 13
  • 14.
    Doing too much Toomany rules Too much code Unimportant rules Parasoft © 2013 14
  • 15.
    11 Memory Leaks     Allsoftware leaks Resources, not just memory Proper API use Runtime debugger with good test suite Parasoft © 2013 15
  • 16.
    12 Null Pointers Affect stability Important forAPIs Can be prevented Parasoft © 2013 16
  • 17.
    The Whole List 1 - Overloaded system  2 - Text editors  3 - Accidental assignments  4 – Plaintext passwords  5 – SQLi  6 – Unstable builds Parasoft © 2013  7 – Memory errors  8 – Unhandled exceptions  9 – Race conditions  10 – False positives  11 - Memory leaks  12 - Null pointers 17
  • 18.
    Next  Coming inJanuary  New Years resolutions for Software Development Parasoft © 2013 18
  • 19.
     Web  http://www.parasoft.com/jsp/resources Blog  http://alm.parasoft.com  Social  Facebook: https://www.facebook.com/parasoftcorporation  Twitter: @Parasoft @MustRead4Dev  LinkedIn: http://www.linkedin.com/company/parasoft  Google+ Community: Static Analysis for Fun and Profit Parasoft © 2013 19

Editor's Notes

  • #3 Give Attendees a closer look at the control panel and how they can participate. Text may be adjusted to suit your event needs.Note: Hand Raising is enabled (see slide 3)Visit the “Options” menu in the Organizer control panel a check to allow attendees to Raise Hands.
  • #4 Healthcare.govCyber Monday at Motorola
  • #7 8. Comparison assignment ( = rather than == )This is an easy error to make. If you're used other languages before, such as Pascal, you'll realize just how poor a choice this was by the language's designers. In Pascal, for example, we use the := operator for assignment, and leave = for comparison. This looks like a throwback to C/C++, from which Java draws its roots.Fortunately, even if you don't spot this one by looking at code on the screen, your compiler will. Most commonly, it will report an error message like this : "Can't convert xxx to boolean", where xxx is a Java type that you're assigning instead of comparing.7. Comparing two objects ( == instead of .equals)When we use the == operator, we are actually comparing two object references, to see if they point to the same object. We cannot compare, for example, two strings for equality, using the == operator. We must instead use the .equals method, which is a method inherited by all classes from java.lang.Object.Here's the correct way to compare two strings.String abc = "abc"; String def = "def";// Bad wayif ( (abc + def) == "abcdef" ){ ......}// Good wayif ( (abc + def).equals("abcdef") ){ .....}
  • #8 LinkedInProgrammer passwords:Plain text passwordsUser passwords:Same password multiple sites8 char passwordDictionary password
  • #15 Don’t start with too many rulesStatic Analysis is about processIt’s incrementalAvoid biting off more than you can chewAvoid any rule you won’t stop the build for
  • #20 Questions:1) When you have a tool that finds possible null pointers, aren’t most cases just false positives?2) Do new IDE’s really work any better than my old setup? I’m pretty effective already.3) I have a really hard time finding a thread problem in my application – what can I do?