
Difference between revisions of "Category:Java"

Line 1: Line 1:
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|Vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer overflow|buffer overflow]] and related issues that do not apply to Java applications.
+
This category should be used to tag any article that has to do with Java or J2EE. You may be interested in the [[:Category:OWASP Java Project]] for more information on Java and J2EE security.
  
==Securing the Java Environment==
+
[[Category:Platform]]
Verifier and Sandbox
 
JRE vs. JDK (precompile JSPs)
 
 
 
 
 
==Securing Java Application Code==
 
Common vulnerabilities like...Runtime.exec, Statement, readline()
 
Dangers of native code, dynamic code, and reflection
 
Tools like PMD and FindBugs
 
Security mechanisms like logging, encryption, error handling
 
 
 
==Securing the J2EE Environment==
 
Minimize attack surface in web.xml
 
Configure error handlers
 
 
 
==Securing J2EE Application Code==
 
Vulnerabilities like...
 
Using J2EE filters for protection
 
Mechanisms like input validation, encoding
 
Common vulnerabilities like...
 
 
 
[[Category:Languages]]
 

Revision as of 22:47, 24 May 2006

This category should be used to tag any article that has to do with Java or J2EE. You may be interested in the Category:OWASP Java Project for more information on Java and J2EE security.