Category:OWASP Java Project

About
The OWASP Java Project's goal is to enable Java and J2EE developers to build secure applications efficiently. See the OWASP Java Project Roadmap for more information on our plans.

Joining the Project
Stephen de Vries and Rohyt Belani lead the project. We're currently building out the OWASP Java Project Roadmap. Please submit your ideas for where we should spend our efforts there.

We're in the process of creating the email list for the OWASP project. Stay tuned for more details.

Java Security Overview
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security Vulnerabilities apply to Java applications just like other environments. The notable exception is buffer overflow and related issues that do not apply to Java applications.

Securing the Java Environment
Verifier and Sandbox JRE vs. JDK (precompile JSPs)

Securing Java Application Code
Common vulnerabilities like...Runtime.exec, Statement, readline Dangers of native code, dynamic code, and reflection Tools like PMD and FindBugs Security mechanisms like cryptography, logging, encryption, error handling

Securing the J2EE Environment
Minimize attack surface in web.xml Configure error handlers

Securing J2EE Application Code
Vulnerabilities like... Using J2EE filters for protection Mechanisms like input validation, encoding Common vulnerabilities like...