Network Security: Detailed info on RE: Sample JAVA application

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

RE: Sample JAVA application

from [Tal Mozes] Network Security

[Permanent Link]

Subject:	RE: Sample JAVA application
Date:	Sat, 6 Nov 2004 15:30:15 +0200

Hi Chris,

From my experience there are a lot of Java specific security issues to check

when doing a code review. I haven't seen a good paper on the subject, but
I'll try to give the start...

 

Issues to check:

 

*         Object Initialization

*         Reducing scope

*         Make Everything final

*         Don't Use Inner classes

*         Don't Depend on Package Protection

*         Avoid Code signing

*         Sign Only JAR Files

*         Make Classes Unclonable

*         Make Classes Unserializeable

*         Make Classes Undeserializeable

*         Don't Compare Classes by Name

*         Storing Secrets in Code 

 

Note that it is not a complete list, but a start.  I hope you'll get the
general idea by now...

Hope it helped,

Tal.

 

Tal Mozes

Application Security Consultant

www.comsec.co.il

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Sample JAVA application, Scott, Richard Re: Sample JAVA application, Chris Vanden Berghe Re: Sample JAVA application, Jeff Williams RE: Sample JAVA application, Tal Mozes <= RE: Sample JAVA application, Michael Silk Re: Sample JAVA application, Jean-Jacques Halans Re: Sample JAVA application, Chris Vanden Berghe Re: Sample JAVA application, Jeff Williams Trouble with Reflection, V.Benjamin Livshits

Previous by Date:	RE: Looking for a Web Application Vulnerable to XSS Cookie Grab, Mark Curphey
Next by Date:	RE: Looking for a Web Application Vulnerable to XSS Cookie Grab, Mike Andrews
Previous by Thread:	Re: Sample JAVA application, Jeff Williams
Next by Thread:	RE: Sample JAVA application, Michael Silk
Indexes:	[Date] [Thread] [Top] [All Lists]