Java/J2EE Security Best Practices

Best practices for Java/J2EE application development
1. Stop memory leaks by letting unused objects be garbage collected and by removing dangling references.
e.g. the immutable String class can lead to memory leaks, while mutable versions like StringBuffer and StringBuilder can reduce them.

2. The NIO packages can improve performance with their non-blocking input/output API. NIO uses buffers to hold data and memory-mapped files to minimize access to the hard disk and the operating system.
3. Coding to an interface reduces coupling. Low coupling and high cohesion should be the goal of every application.
4. Types of inheritance:
Implementation inheritance: as a best practice, subclasses should depend only on the behaviour of their superclasses and not on the actual implementation. Otherwise superclasses become tightly coupled with subclasses, making the design inflexible: to change a superclass, all details of its subclasses must be known to avoid breaking them.

Interface inheritance: program to an interface, not an implementation, since coding to an interface reduces coupling. Also, inheritance cannot be changed at run time, whereas object composition lets functionality be acquired dynamically at runtime. It also promotes the Open/Closed principle of OOAD.

5. Design by contract: use assertions to enforce mandatory input contracts. The assertion message should also capture a detailed statement for the AssertionError.
http://docs.oracle.com/javase/7/docs/technotes/guides/language/assert.html

6. Use OOAD principles

  • Open/Closed Principle: open for extension and closed for modification; enforces minimum changes in existing code.
  • Dependency Inversion Principle: high-level modules contain the complex logic and hence should not depend on low-level modules for implementation.
    Order: high-level classes -> abstraction layer -> low-level classes
  • Interface Segregation Principle: clients should not implement interfaces they do not use.
  • Single Responsibility Principle: every class should have a single responsibility (reason to change), reducing complexity.
  • Liskov Substitution Principle: derived types should be substitutable for their base types.

7. In multi-threaded applications, when at least one thread adds to or deletes from a collection, use the API's external synchronization.
Three types of collection: { Map, Tree, List }
Map mySyncMap = Collections.synchronizedMap(myMap1); // Lock for the entire map.
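As an added example (not code from the original post), two writer threads fill a shared Map: a plain HashMap loses updates or gets corrupted, while the Collections.synchronizedMap wrapper makes each put() atomic. It also shows the caveat the Collections javadoc states: iterating the wrapper is a compound operation, so the loop must hold the wrapper's own lock. Class and method names are assumptions for this demo.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

public class SyncMapDemo {
    static final int PER_THREAD = 10_000;

    // Run two writers with disjoint key ranges against the given map
    // and return its final size (20000 if no update was lost).
    static int fillConcurrently(Map<Integer, Integer> map) throws InterruptedException {
        Thread t1 = new Thread(() -> {
            for (int i = 0; i < PER_THREAD; i++) map.put(i, i);
        });
        Thread t2 = new Thread(() -> {
            for (int i = PER_THREAD; i < 2 * PER_THREAD; i++) map.put(i, i);
        });
        t1.start(); t2.start();
        t1.join(); t2.join();
        return map.size();
    }

    // Correct iteration over a synchronized wrapper: hold the wrapper's lock
    // for the whole loop so a concurrent put() cannot cause a
    // ConcurrentModificationException or a torn read of the entries.
    static long sumValues(Map<Integer, Integer> syncMap) {
        long sum = 0;
        synchronized (syncMap) {
            for (int v : syncMap.values()) sum += v;
        }
        return sum;
    }

    public static void main(String[] args) throws InterruptedException {
        // Unsafe: HashMap with no external synchronization. The size varies
        // from run to run (often below 20000) and the table may be corrupted.
        int unsafeSize = fillConcurrently(new HashMap<>());
        System.out.println("HashMap size without synchronization: " + unsafeSize);

        // Safe: every put() takes the wrapper's monitor, so all entries land.
        Map<Integer, Integer> syncMap = Collections.synchronizedMap(new HashMap<>());
        System.out.println("synchronizedMap size: " + fillConcurrently(syncMap));
        System.out.println("sum of values under the wrapper lock: " + sumValues(syncMap));
    }
}
```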
8. Return a zero-length collection as opposed to returning null:
StringBufferOverflow attack can be caused due
9. Deep and shallow copy of objects: to be continued.
Read more details:
1. Design principle in the real world
https://sandyclassic.wordpress.com/2014/02/05/design-pattern-in-real-world/
2. Generalize problem solving through design patterns
https://sandyclassic.wordpress.com/2013/10/24/generalize-problem-solving-through-design-pattern/