This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:Java leading security practice

Jump to: navigation, search

Threat model?

What is the threat model behind these recommendations? Most of them don't seem to make sense to me because they can be bypassed in 5 minutes with a custom classloader, so I'm wondering what I'm missing. HenryAyoola 05:13, 10 February 2009 (EST)

The threat model allows the attacker to interact with the application only through its inputs and outputs (think "web application"). Manipulation of the virtual machine, replacement of the libraries, manipulation of the operating system are not among the mechanisms available to the attacker in this threat model. --Thomas Herlea 12:22, 8 September 2010 (UTC)

Article move proposal

I propose to rename this article from




which uses the same title case as most other section titles in the Code Review Guide and uses a more natural adjective order ( --Thomas Herlea 12:17, 8 September 2010 (UTC)