The following are some of the essential security skills that Java programmers need
Input handling. To protect their code against cross-site scripting, SQL injection and similar attacks, Java programmers must be able to write programs that read input from interfaces and properly validate and process these inputs. They need to know when to validate input and not just what to validate. Programmers need to recognize the common sources of input to Java applications, such as HTTP requests, Applet sockets and back-end databases.
Authentication and session management. This is one area on which Java programmers especially need to focus, according to Berg. Java applications often require making security decisions based on the identity of a person. Therefore, Java programmers need to understand authentication processes, how to use encryption and certificate technologies to protect those various processes, and how to manage then through a session, the document states.
Access control. Java programmers need to understand how to make applications support the enforcement of access control rules. They need to support functions for restricting access to system resources and functions based on policies. They also require an understanding of Java's authentication and authorization services and how they can be used to implement access control.
Error and exception handling. This is another area that Java programmers typically have not paid too much attention to but should, according to Berg. Developers need to understand the principles behind logging security-related events such as user log-ins, log-offs and credential changes. They need to know how much information should be logged when an error or an exception is encountered.
Encryption services. Developers need to know when and how to use encryption to protect sensitive data. They should also be responsible for knowing which of their application's external links need to be supported via encryption.
Click here for full details.