Difference between revisions of "Category:Java"

From OWASP
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|Vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer overflow|buffer overflow]] and related issues that do not apply to Java applications.
+
This category should be used to tag any article that has to do with Java or J2EE. You may be interested in the [[:Category:OWASP Java Project]] for more information on Java and J2EE security.
 
 
==Securing the Java Environment==
 
Verifier and Sandbox
 
JRE vs. JDK (precompile JSPs)
 
 
 
 
 
==Securing Java Application Code==
 
Common vulnerabilities like...Runtime.exec, Statement, readline()
 
Dangers of native code, dynamic code, and reflection
 
Tools like PMD and FindBugs
 
Security mechanisms like logging, encryption, error handling
 
 
 
==Securing the J2EE Environment==
 
Minimize attack surface in web.xml
 
Configure error handlers
 
 
 
==Securing J2EE Application Code==
 
Vulnerabilities like...
 
Using J2EE filters for protection
 
Mechanisms like input validation, encoding
 
Common vulnerabilities like...
 
  
 +
[[Category:Technology]]
 +
[[Category:OWASP Java Project]]
 +
[[Category:Language]]
 
[[Category:Platform]]
 
[[Category:Platform]]
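
Review bot: The opening paragraph says buffer overflow and related issues "do not apply to Java applications" without qualification, yet the outline under "Securing Java Application Code" lists "Dangers of native code, dynamic code, and reflection". Scope the sentence to pure Java code, or point to the native code item, so the two do not read as contradictory. Under "Securing J2EE Application Code" the placeholder appears twice, as "Vulnerabilities like..." and "Common vulnerabilities like..."; merge them into one entry. [[Category:Platform]] also appears twice in the visible lines; if both copies are in the new revision, drop one.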

Revision as of 07:40, 8 June 2006

This category should be used to tag any article that has to do with Java or J2EE. You may be interested in the Category:OWASP Java Project for more information on Java and J2EE security.