Talk:Java leading security practice

From OWASP
Jump to: navigation, search

Threat model?

What is the threat model behind these recommendations? Most of them don't seem to make sense to me because they can be bypassed in 5 minutes with a custom classloader, so I'm wondering what I'm missing. HenryAyoola 05:13, 10 February 2009 (EST)

The threat model allows the attacker to interact with the application only through its inputs and outputs (think "web application"). Manipulation of the virtual machine, replacement of the libraries, manipulation of the operating system are not among the mechanisms available to the attacker in this threat model. --Thomas Herlea 12:22, 8 September 2010 (UTC)

Article move proposal

I propose to rename this article from

Java_leading_security_practice

to

Leading_Java_Security_Practice

which uses the same title case as most other section titles in the Code Review Guide and uses a more natural adjective order (http://en.wikipedia.org/wiki/Adjective#Adjective_order). --Thomas Herlea 12:17, 8 September 2010 (UTC)