This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Java leading security practice"
(→Introduction) |
(→Class Access) |
||
| Line 10: | Line 10: | ||
#Fields | #Fields | ||
#Mutable Objects | #Mutable Objects | ||
| + | |||
| + | Put simply don't have public fields or methods in a class unless required. Every method, field, class that is not private is a potential avenue of attack. Provide accessors to them so you can limit their accessibility. | ||
| + | |||
===Initialisation=== | ===Initialisation=== | ||
===Finality=== | ===Finality=== | ||
Revision as of 11:01, 15 August 2007
OWASP Code Review Guide Table of ContentsIntroduction
This section covers the main Java-centric areas which are perscribed as leading security practice when developing java applications and code. So when we are performing a codfe review on some Java code we should look at the following areas of concern. Getting developers to adopt leading practice techniques gives the inherent basic security features all code should have, "Self Defending Code".
Class Access
- Methods
- Fields
- Mutable Objects
Put simply don't have public fields or methods in a class unless required. Every method, field, class that is not private is a potential avenue of attack. Provide accessors to them so you can limit their accessibility.
