Category Archives: Java/Java EE

Progress on the OCA: Oracle Certified Associate Java SE 8 Programmer I Study Guide

Posted on by
2

book-pdf

In September, Scott and I announced we were writing a book for the OCA (Java 8) exam. Just over a month later, the book cover is up on Amazon along with the estimated publish date of December 31, 2014. I assume this means early January as I find it hard to believe anything happens at a large company during Christmas/New Year’s Week.

It’s great to see progress though. The book is now starting the technical proofreading stage. Yesterday, our tech proofer showed us what the PDF or some of the chapters looks like. it was really cool seeing the jump from a (heavily edited and iterative) Word document to a sharp looking PDF. It’s also exciting seeing something we wrote in near final form.

OWASP A9 – Using Insight/CLM for CodeRanch

Posted on by
Reply

This week at CodeRanch we have a promotion for Iron Clad Java. Before the promo, I wanted to make sure we didn’t have anything embarrassing going on. We had already dealt with XSSCSRF, Clickjacking and brute force logins. As I looked through the OWASP Top 10, I realized that I had no idea how we were doing on A9 “Using Components with Known Vulnerabilities”.

I saw that Sonatype provides a free Insight scan. I did that and got a nice summary:

clmHigh level summary

The high points of the summary are that:

  1. We use 58 libraries
  2. No high known security vulnerabilities in the libraries we use!
  3. Need to look into the details for the license “issues” since we are non-commerical.

Details

I then clicked on the other tabs and got a sample report. That’s the line where free lives. Since CodeRanch doesn’t have a budget, I asked the vendor for a free credit to see the report and they graciously agreed.

I then learned:

  1. All four of our security “issues” were in commons-httpclient. This library isn’t used anywhere in the codebase or in unit tests. I checked the description of the issue and we don’t  use that part of the library. So clean! I’m impressed that a completely volunteer run site came out clean. Good job to all the mods who update the jars!
  2. The license part showed a variety of licenses. For example dom4j and hibernate-core came up. The licenses would be more useful if we were a company and owned the product/could configure it ourselves.
  3. It was cool seeing the ages of the components we use. And which ones are exact matches vs similar. (I’m sure we didn’t edit hibernate-core!)

This report would be clearly be more useful for a large company. More applications and more people who work on them makes it harder to know what is going on. Still, I’m glad I didn’t have to check 50+ libraries by hand.

Disclaimer: I received free access to the detailed report in exchange for writing this review.

 

jeanne’s oca/ocajp 8 java programmer I experiences

Posted on by
2

Two years ago, I took the OCA/OCAJP 7 Java programmer I exam and wrote about my experiences. I took the exam this time as part of writing the Java OCA 8 Programmer I Study Guide.

What’s new in version 8?

As you can see from the OCA/Java SE 8 Programmer I official exam page, most of the objectives are the same on OCA 7 and OCA 8. There is a mapping by objective title/number on CodeRanch. The new topics were:

  • Running from the command line
  • Compare and contrast the features and components of Java such as: platform independence, object orientation, encapsulation, etc.
  • Wrapper classes
  • Lambdas/predicates
  • Java 8 date/time classes

How did I study?

As I got a 98% on the previous version of the exam, I didn’t really need to study. [edit: I got a 91% of the OCAJP 8 and a perfect score on all the new Java 8 topics]. It was more of review. Plus writing a book on the topic really gets you ready.  I “studied” by doing all of our review and practice exam questions within a week of the test. This also served as a nice sanity check that the questions we wrote prior to taking the beta were decently in sync. (It’s interesting when writing a cert book that you are writing the questions without seeing the exam. This is good as it prevents accidentally mirroring the questions of the moment in the book. As Oracle changes questions over time, it is better to be learning the topics/tricks from a book and improving your skills/test taking ability.)

To learn the Java 8 in the first place, I read two books:

Oracle has some tutorials:

I also wrote a bunch of practice code. And wrote lots of lambda expressions in other languages.

Test Day

  • The exam software claimed that if you pressed the control key, it would cross out an answer so you could remember which ones you eliminated. That’s a good idea. Unfortunately, pressing the control key did absolutely nothing and clicking merely selected an answer I wanted to rule out as correct. I hope they fix this as it is a nice feature.
  • When I took the OCA 7, I had all the time in the world. On this exam, I had enough time to do the questions, but not enough to review them all. The beta gives you just over a minute per question. The real exam gives more time.
  • I went back to my usual exam center. They gave me an “erasable notebook” with 9 pages and an eraser. This meant I could write as much as I wanted. I probably filled about 4 pages as I went. It’s not the same as the paper/pen they used to gie, but is perfectly sufficient.