Java leading security practice

From OWASP
Revision as of 06:14, 14 August 2007 by EoinKeary (Talk | contribs)

Jump to: navigation, search
OWASP Code Review Guide Table of Contents

Contents


Introduction

This section covers the main Java-centric areas which are perscribed as leading security practice when developing java applications and code. So when we are performing a codfe review on some Java code we should look at the following areas of concern. Getting developers to adopt leading practice techniques gives the inherent basic security features all code should have, "Self Defending Code".


Class Access

  1. Methods
  2. Fields
  3. Mutable Objects

Initialisation

Finality

Scope

Inner Classes

Code Signing

Hard Coding

Archive Files

Cloneability

Serialization/Deserialization

Comparisons