This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Java Project"
| Line 1: | Line 1: | ||
| − | The | + | While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|Vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer overflow|buffer overflow]] and related issues that do not apply to Java applications. |
| + | |||
| + | ==Securing the Java Environment== | ||
| + | Verifier and Sandbox | ||
| + | JRE vs. JDK (precompile JSPs) | ||
| + | |||
| + | |||
| + | ==Securing Java Application Code== | ||
| + | Common vulnerabilities like...Runtime.exec, Statement, readline() | ||
| + | Dangers of native code, dynamic code, and reflection | ||
| + | Tools like PMD and FindBugs | ||
| + | Security mechanisms like logging, encryption, error handling | ||
| + | |||
| + | ==Securing the J2EE Environment== | ||
| + | Minimize attack surface in web.xml | ||
| + | Configure error handlers | ||
| + | |||
| + | ==Securing J2EE Application Code== | ||
| + | Vulnerabilities like... | ||
| + | Using J2EE filters for protection | ||
| + | Mechanisms like input validation, encoding | ||
| + | Common vulnerabilities like... | ||
| + | |||
| + | [[Category:Languages]] | ||
{{Template:Stub}} | {{Template:Stub}} | ||
Revision as of 22:50, 24 May 2006
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security Vulnerabilities apply to Java applications just like other environments. The notable exception is buffer overflow and related issues that do not apply to Java applications.
Securing the Java Environment
Verifier and Sandbox JRE vs. JDK (precompile JSPs)
Securing Java Application Code
Common vulnerabilities like...Runtime.exec, Statement, readline() Dangers of native code, dynamic code, and reflection Tools like PMD and FindBugs Security mechanisms like logging, encryption, error handling
Securing the J2EE Environment
Minimize attack surface in web.xml Configure error handlers
Securing J2EE Application Code
Vulnerabilities like... Using J2EE filters for protection Mechanisms like input validation, encoding Common vulnerabilities like...
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Media in category "OWASP Java Project"
This category contains only the following file.
