Difference between revisions of "Category:OWASP Java Project"

From OWASP
Line 1: Line 1:
{{Template:Stub}}
 
 
 
==About==
 
==About==
  
Line 15: Line 13:
 
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|Vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer overflow|buffer overflow]] and related issues that do not apply to Java applications.
 
While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security [[:Category:Vulnerability|Vulnerabilities]] apply to Java applications just like other environments. The notable exception is [[Buffer overflow|buffer overflow]] and related issues that do not apply to Java applications.
  
==Securing the Java Environment==
+
The following areas provide an overview of the most common challenges for Java programmers, and links to articles that provide more information:
 +
 
 +
===Securing the Java Environment===
 
Verifier and Sandbox
 
Verifier and Sandbox
 
JRE vs. JDK (precompile JSPs)
 
JRE vs. JDK (precompile JSPs)
  
  
==Securing Java Application Code==
+
===Securing Java Application Code===
 
Common vulnerabilities like...Runtime.exec, Statement, readline()
 
Common vulnerabilities like...Runtime.exec, Statement, readline()
 
Dangers of native code, dynamic code, and reflection
 
Dangers of native code, dynamic code, and reflection
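Review bot: The added introductory sentence ending "and links to articles that provide more information:" promises links, but the entries that follow it in this hunk, such as "Verifier and Sandbox" and "JRE vs. JDK (precompile JSPs)", are plain text with no [[...]] targets, unlike the [[Buffer overflow|buffer overflow]] link in the paragraph above. Either link each entry to its article, even as a red link to be filled in later, or reword the sentence until the articles exist.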
Line 26: Line 26:
 
Security mechanisms like cryptography, logging, encryption, error handling
 
Security mechanisms like cryptography, logging, encryption, error handling
  
==Securing the J2EE Environment==
+
===Securing the J2EE Environment===
 
Minimize attack surface in web.xml
 
Minimize attack surface in web.xml
 
Configure error handlers
 
Configure error handlers
  
==Securing J2EE Application Code==
+
===Securing J2EE Application Code===
 
Vulnerabilities like...
 
Vulnerabilities like...
 
Using J2EE filters for protection
 
Using J2EE filters for protection
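Review bot: Under the headings demoted to === in this hunk, the entries ("Minimize attack surface in web.xml", "Configure error handlers", "Using J2EE filters for protection") appear as bare lines with no list markup, and MediaWiki joins consecutive bare lines into a single run-on paragraph. Prefix each entry with * so every section renders as a bullet list.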

Revision as of 16:20, 8 June 2006


About

The OWASP Java Project's goal is to enable Java and J2EE developers to build secure applications efficiently. See the OWASP Java Project Roadmap for more information on our plans.

Joining the Project

Stephen de Vries and Rohyt Belani lead the project. We're currently building out the OWASP Java Project Roadmap. Please submit your ideas for where we should spend our efforts there.

We're in the process of creating the email list for the OWASP project. Stay tuned for more details.

Java Security Overview

While Java and J2EE contain many security technologies, it is not easy to produce an application without security vulnerabilities. Most application security vulnerabilities apply to Java applications just as they do in other environments. The notable exception is buffer overflow and related issues, which do not apply to Java applications.

The following areas provide an overview of the most common challenges for Java programmers, and links to articles that provide more information:

Securing the Java Environment

  • Verifier and Sandbox
  • JRE vs. JDK (precompile JSPs)


Securing Java Application Code

  • Common vulnerabilities like...Runtime.exec, Statement, readline()
  • Dangers of native code, dynamic code, and reflection
  • Tools like PMD and FindBugs
  • Security mechanisms like cryptography, logging, encryption, error handling

Securing the J2EE Environment

  • Minimize attack surface in web.xml
  • Configure error handlers

Securing J2EE Application Code

  • Vulnerabilities like...
  • Using J2EE filters for protection
  • Mechanisms like input validation, encoding
  • Common vulnerabilities like...

Subcategories

This category has the following 2 subcategories, out of 2 total.

J

  • Java (3 C, 49 P)

O

Media in category "OWASP Java Project"

This category contains only the following file.