Secure code with 3rd Party Library
● Avoid rolling your own cryptographic code (read this to know why)
● Don't reinvent the wheel! Always follow the DRY and KISS approaches.
● Less is better: using tried-and-tested 3rd party libraries means you have fewer things to worry about, and your code will have fewer bugs.
Also read the secure coding guide from Oracle:
http://www.oracle.com/technetwork/java/seccodeguide-139067.html
Find the common mistakes developers make:
http://find-sec-bugs.github.io/bugs.htm
Secure code with 3rd Party Library
Some very common 3rd party libraries:
● Apache Commons Lang and IO
● Google Guava, to complement the Java Collections API
● Joda-Time library (for Java version <= 7)
● And many more
Some sample code snippets from our repository where we could have used 3rd party library methods:
commons.lang.StringEscapeUtils
Before:
    StringBuilder result = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); ++i) {
        switch (value.charAt(i)) {
            case '<':
                result.append("&lt;");
                break;
            case '>':
                result.append("&gt;");
                break;
            case '"':
                result.append("&quot;");
                break;
            default:
                result.append(value.charAt(i));
                break;
        }
    }
    return result.toString();
After:
    return StringEscapeUtils.escapeXml(value);
Also hundreds of practical uses of String manipulation (join, replace, conversion, etc.) from:
http://commons.apache.org/proper/commons-lang/javadocs/api-3.1/org/apache/commons/lang3/StringUtils.html
http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/util/StringUtils.html
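The hand-rolled loop on this slide covers only three of the five XML metacharacters: a bare '&' and an apostrophe pass through unchanged, which yields malformed markup and leaves single-quoted attribute values unprotected. The JDK-only check below (an added example, not code from the deck; the class and method names are hypothetical) reports which metacharacters an escaper lets through, so any escaper can be checked before it ships. Note that commons-lang3 3.3 and later deprecate escapeXml in favour of escapeXml10 and escapeXml11; with that jar on the classpath the same harness accepts StringEscapeUtils::escapeXml11.

```java
import java.util.function.UnaryOperator;

/**
 * Added example (not from the deck): reports which XML metacharacters an
 * escaper returns unescaped. Intended as a unit test or build-time check.
 */
public final class XmlEscaperCheck {

    /** The five characters for which XML 1.0 defines predefined entities. */
    static final String XML_METACHARS = "&<>\"'";

    /** The deck's hand-rolled escaper, reproduced here as the subject under test. */
    static String handRolled(String value) {
        StringBuilder result = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); ++i) {
            switch (value.charAt(i)) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(value.charAt(i));
                    break;
            }
        }
        return result.toString();
    }

    /**
     * Feeds each metacharacter through the escaper on its own and collects the
     * ones that come back unchanged. An empty string means the escaper covers
     * all five; anything else is a gap that a library call would have closed.
     */
    static String unescapedMetachars(UnaryOperator<String> escaper) {
        StringBuilder leaked = new StringBuilder();
        for (char c : XML_METACHARS.toCharArray()) {
            String out = escaper.apply(String.valueOf(c));
            if (out.indexOf(c) >= 0) {
                leaked.append(c);
            }
        }
        return leaked.toString();
    }

    public static void main(String[] args) {
        String leaked = unescapedMetachars(XmlEscaperCheck::handRolled);
        // Constructed sample value that mixes every metacharacter.
        String sample = "x<y & z>\"q\"='r'";
        System.out.println("hand-rolled escaper leaks: [" + leaked + "]");
        System.out.println("escaped sample: " + handRolled(sample));
        if (!leaked.isEmpty()) {
            System.exit(1); // fail the build rather than ship an incomplete escaper
        }
    }
}
```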
org.apache.commons.io.IOUtils (similarly FileUtils)
Before:
    StringWriter sw = new StringWriter();
    PrintWriter out = new PrintWriter(sw);
    BufferedReader in = null;
    try {
        in = new BufferedReader(new FileReader(indexFile));
        String line = in.readLine();
        while (line != null) {
            out.println(line);
            line = in.readLine();
        }
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (Exception t) {
                log.warn("", t);
            } finally {
                in = null;
            }
        }
        out.close();
    }
After:
    IOUtils.copy(new FileReader(indexFile), sw);
More from:
https://commons.apache.org/proper/commons-io/bestpractices.html
org.joda.time.DateTime (or Java 8 Date API)
Before:
    Calendar fromCal = Calendar.getInstance();
    fromCal.set(Calendar.DAY_OF_MONTH, 1);
    if (spec.getMonth() > 0) {
        fromCal.set(Calendar.MONTH, spec.getMonth() - 1);
    }
    if (spec.getYear() > 0) {
        fromCal.set(Calendar.YEAR, spec.getYear());
    }
    fromCal.set(Calendar.HOUR_OF_DAY, 0);
    fromCal.set(Calendar.MINUTE, 0);
    fromCal.set(Calendar.SECOND, 0);
    fromCal.set(Calendar.MILLISECOND, 0);
    Calendar toCal = Calendar.getInstance();
    if (spec.getMonth() > 0) {
        toCal.set(Calendar.MONTH, spec.getMonth() - 1);
    }
    toCal.set(Calendar.DAY_OF_MONTH,
            toCal.getActualMaximum(Calendar.DAY_OF_MONTH));
    if (spec.getYear() > 0) {
        toCal.set(Calendar.YEAR, spec.getYear());
    }
    toCal.set(Calendar.HOUR_OF_DAY, 0);
    toCal.set(Calendar.MINUTE, 0);
    toCal.set(Calendar.SECOND, 0);
    toCal.set(Calendar.MILLISECOND, 0);
After:
    Date firstDayOfMonth = new DateTime().withTimeAtStartOfDay()
            .dayOfMonth().withMinimumValue()
            .toDate();
    Date lastDayOfMonth = new DateTime().withTimeAtStartOfDay()
            .dayOfMonth().withMaximumValue()
            .toDate();
More from:
http://stackoverflow.com/questions/589870/should-i-use-java-date-and-time-classes-or-go-with-a-3rd-party-library-like-joda
Google Guava: com.google.common.base.Splitter
Sample value: prop1=value1,prop2=value2,prop3=value3
Before:
    HashSet set = new HashSet();
    String property = Globals.getProperty(commaSepKeyVals);
    if (property != null && property.length() > 0) {
        Vector v = RegexUtil.split("/,/", property);
        set.addAll(v);
    }
    Iterator<String> iter = set.iterator();
    while (iter.hasNext()) {
        String paramFilterKeyVal = iter.next();
        String[] keyValue = paramFilterKeyVal.split("=");
        if (keyValue.length == 2) {
            filterMap.put(keyValue[0], keyValue[1]);
        }
    }
After:
    filterMap = Splitter.on(",").withKeyValueSeparator("=")
            .split(Globals.getProperty(commaSepKeyVals));
More from:
http://stackoverflow.com/questions/3759440/the-guava-library-for-java-what-are-its-most-useful-and-or-hidden-features
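Guava's MapSplitter behaves differently from the loop above in ways worth knowing before swapping it in: the loop silently drops any entry that does not split into exactly two parts and guards against a null property, whereas split() throws IllegalArgumentException on an entry without a separator, on more than one separator, or on a duplicate key, throws NullPointerException on null input, and returns an unmodifiable map. The wrapper below is an added example, not the deck's code; it assumes Guava on the classpath, and the class and method names are hypothetical. It keeps the null guard and fails closed with a clear message instead of dropping entries silently.

```java
import com.google.common.base.Splitter;
import java.util.Collections;
import java.util.Map;

/**
 * Added example (not from the deck): defensive wrapper around Guava's
 * MapSplitter for "key=value,key=value" configuration properties.
 */
public final class KeyValueProperty {

    // Outer splitter tolerates stray whitespace and empty chunks ("a=b,,c=d");
    // the key/value separator is a single '='.
    private static final Splitter.MapSplitter KV_SPLITTER =
            Splitter.on(',').trimResults().omitEmptyStrings().withKeyValueSeparator('=');

    /**
     * Parses a comma-separated list of key=value pairs. A null or blank property
     * yields an empty map (the Before code's behaviour). Malformed input is
     * rejected rather than silently dropped, so a typo in configuration surfaces
     * at startup instead of as a missing filter at runtime.
     */
    static Map<String, String> parse(String property) {
        if (property == null || property.trim().isEmpty()) {
            return Collections.emptyMap();
        }
        try {
            // The returned map is unmodifiable; callers that need to add entries
            // must copy it into their own map first.
            return KV_SPLITTER.split(property);
        } catch (IllegalArgumentException e) {
            // Thrown by Guava for an entry without '=', with more than one '=',
            // or with a key that was already seen.
            throw new IllegalArgumentException(
                    "Malformed key=value property: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, including the one from the slide.
        System.out.println(parse("prop1=value1,prop2=value2,prop3=value3"));
        System.out.println(parse(null));
        for (String bad : new String[] {"prop1=value1,prop2", "a=b,a=c", "a=b=c"}) {
            try {
                parse(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected '" + bad + "': " + e.getMessage());
            }
        }
    }
}
```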
Thanks
Naimul Huda
mdnhuda@gmail.com