Add comprehensive Secure Coding Practices documentation

[Copilot]

Create detailed technical documentation for secure coding practices in Java with examples covering common vulnerabilities and their mitigations.

Note: This PR encountered technical issues during creation. The secure-coding.md file needs to be populated with the full document content.

Planned Content Structure

• Introduction: Secure coding definitions, risks of insecure code
• Common Vulnerabilities: SQL Injection, XSS, Deserialization, Buffer overflows, Race conditions, Input validation issues, Reflection misuse
• Secure Coding Practices: Input validation/sanitization, Output encoding, Secure API usage, Error handling, Least privilege, Immutability, Secure logging
• Java Security Features: JCA, SecureRandom vs Random, java.security/javax.crypto packages
• Serialization Security: ObjectInputFilter (Java 9+), JSON/XML validation
• Concurrency Security: Race condition prevention, thread-safe collections, atomic operations
• Secure Configuration: SSL/TLS, database connections, secrets management
• Development Lifecycle: Code reviews, static analysis (SpotBugs/SonarQube), dependency management
• 80 Code Examples: Insecure vs secure patterns with explanations

Status

Document skeleton created but content was not written due to tool execution issues. Requires completion following repository conventions (Java 25 features, compact source files, implicit imports, void main() entry points).

Original prompt

On secure-coding.md, Create a detailed technical document explaining Secure Coding Practices in Java and how to avoid common vulnerabilities. Create 80 examples.

The document should include:

1. Introduction

   • Define secure coding and its importance.
   • Explain the risks of insecure code (data breaches, exploits, financial loss).
   • Highlight why Java developers must follow security best practices.

2. Common Vulnerabilities in Java

   • SQL Injection
   • Cross-Site Scripting (XSS)
   • Deserialization attacks
   • Buffer overflows (native code integration)
   • Race conditions in multithreaded code
   • Improper input validation
   • Insecure use of reflection

3. Secure Coding Practices

   • Input Validation & Sanitization
     • Validate all user inputs.
     • Use libraries for sanitization.
   • Output Encoding
     • Encode data before rendering in web applications.
   • Secure Use of APIs
     • Avoid deprecated or unsafe APIs.
     • Use parameterized queries for database access.
   • Error Handling
     • Avoid exposing stack traces or sensitive information.
   • Principle of Least Privilege
     • Restrict permissions for code execution and resources.
   • Immutable Objects
     • Use immutability to prevent unintended state changes.
   • Secure Logging
     • Avoid logging sensitive data (passwords, tokens).

4. Java-Specific Security Features

   • Java Security Manager (legacy, but conceptually important).
   • Java Cryptography Architecture (JCA).
   • SecureRandom vs Random.
   • Use of java.security and javax.crypto packages.

5. Avoiding Vulnerabilities in Serialization

   • Risks of insecure deserialization.
   • Use ObjectInputFilter (Java 9+).
   • Prefer JSON/XML libraries with strict validation.

6. Concurrency and Security

   • Avoid race conditions with proper synchronization.
   • Use thread-safe collections.
   • Apply atomic operations where needed.

7. Secure Configuration

   • Proper use of SSL/TLS in Java applications.
   • Secure database connections.
   • Environment variable handling for secrets.

8. Best Practices for Secure Development Lifecycle

   • Code reviews with security focus.
   • Static analysis tools (SpotBugs, SonarQube).
   • Dependency management (avoid vulnerable libraries).
   • Regular patching and updates.

9. Examples

   • Show insecure vs secure code snippets for SQL queries, input validation, and serialization.
   • Provide real-world scenarios of vulnerabilities and their fixes.

10. Conclusion

    • Summarize the importance of secure coding practices.
    • Emphasize continuous learning and vigilance against evolving threats.

Formatting Requirements:

• Use clear section headings.
• Include code snippets for insecure and secure examples.
• Provide tables summarizing vulnerabilities and their mitigations.
• Write in a professional, educational tone suitable for intermediate to advanced Java developers.
• Ensure the document is cohesive, well-organized, and easy to follow.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.