Java server (J2EE) code review

From OWASP
Revision as of 05:47, 15 March 2007 by EoinKeary (Talk | contribs)

Jump to: navigation, search

Contents

Introduction

Java EE Authentication Technologies

The Java EE framework contains a number of options from an authentication standpoint, such as,

  • Java Authentication and Authorization Service (JAAS)
  • Java Secure Socket Extensions (JSSE.)
    • Authentication and key exchange (RSA & DSA), SSL Authentication
  • Java 2 Security Model


Servlet Authentication

The Java API javax.servlet.HttpServlet contains a number of methods to receive HTTP requests. One fundimental practice in application security is not to hue HTTP GET during the authentication sequence (This is because sensitive credentials may be logged inadvertantly on the web server). HttpServlet harbours methods such as doPost(), doPut(), doDelete(), doGet() to name a few. These methods can be used to process incomming HTTP requests.

J2EE Authorisation Technologies

J2EE Session Management

J2EE Data Validation

J2EE Error Handling

Crypto in J2EE/Java