|
|
| (142 intermediate revisions by 18 users not shown) |
| Line 1: |
Line 1: |
| − | {{Template:Stub}}
| + | #REDIRECT [[:Category:Java]] |
| − | | |
| − | ; Volunteer leader needed
| |
| − | The Java project is just getting started and we need a leader. The job requires a bit of project management skill and some editing skill, but doesn't require that you are the ultimate Java, J2EE, or security expert. There are plenty of those associated with OWASP. But we need someone to get us organized. If you're interested, please contact [email protected]. | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|Vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer overflow|buffer overflow]] and related issues that do not apply to Java applications.
| |
| − | | |
| − | ==Securing the Java Environment==
| |
| − | Verifier and Sandbox
| |
| − | JRE vs. JDK (precompile JSPs)
| |
| − | | |
| − | | |
| − | ==Securing Java Application Code==
| |
| − | Common vulnerabilities like...Runtime.exec, Statement, readline()
| |
| − | Dangers of native code, dynamic code, and reflection
| |
| − | Tools like PMD and FindBugs
| |
| − | Security mechanisms like logging, encryption, error handling
| |
| − | | |
| − | ==Securing the J2EE Environment==
| |
| − | Minimize attack surface in web.xml
| |
| − | Configure error handlers
| |
| − | | |
| − | ==Securing J2EE Application Code==
| |
| − | Vulnerabilities like...
| |
| − | Using J2EE filters for protection
| |
| − | Mechanisms like input validation, encoding
| |
| − | Common vulnerabilities like...
| |
| − | | |
| − | [[Category:Platform]]
| |
| − | [[Category:OWASP Project]]
| |
