Secure Coding mailing list archives
Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog
From: jim at manico.net (James Manico)
Date: Wed, 6 Jan 2010 16:36:09 -0500
Hello Matt,

Java EE still has NO support for escaping and lots of other important security areas. You need something like OWASP ESAPI to make a secure app even remotely possible.

I was once a Sun guy, and I'm very fond of Java and Sun. But Java EE 6 does very little to raise the bar when it comes to Application Security.

- Jim

On Tue, Jan 5, 2010 at 3:30 PM, Matt Parsons <mparsons1980 at gmail.com> wrote:
From what I read, it appears that Java EE 6 could be a bit of a rule changer. It looks to me like Java is checking for authorization and authentication with this new framework. If that is the case, I think that static code analyzers could change their rule sets to check what is normally a manual process in the code review of authentication and authorization. Am I correct in my assumption?

Thanks,
Matt

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Kenneth Van Wyk
Sent: Tuesday, January 05, 2010 8:59 AM
To: Secure Coding
Subject: [SC-L] Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog

Happy new year SC-Lers.

FYI, interesting blog post on some of the new security features in Java EE 6, by Ramesh Nagappan. Worth reading for all you Java folk, IMHO.

http://www.coresecuritypatterns.com/blogs/?p=1622

Cheers,
Ken

-----
Kenneth R. van Wyk
SC-L Moderator

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________
--
Jim Manico, Application Security Architect
jim.manico at aspectsecurity.com | jim at manico.net
(301) 604-4882 (work)
(808) 652-3805 (cell)
Aspect Security: Securing your applications at the source
http://www.aspectsecurity.com
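The gap Jim points at above is contextual output encoding: the Java EE 6 platform gives you declarative authentication and authorization but no encoder for untrusted data that ends up in a page. The class below is an added example written for this archive page; it is not code from the thread, not OWASP ESAPI's implementation and not a Java EE API. It follows the ESAPI-style allowlist approach (leave letters and digits alone, encode everything else for the specific context) so the reader can see what the container leaves to the application. The class name `OutputEncoder`, the method names and the attacker payload in `main` are assumptions constructed for the example.

```java
/**
 * Minimal contextual output encoder in the style of OWASP ESAPI's Encoder.
 * Added example, not ESAPI itself and not part of Java EE. The allowlist
 * design (encode every code point that is not a letter or digit) is the
 * safe default; per-context differences are in what the output syntax is.
 */
public final class OutputEncoder {

    private OutputEncoder() {}

    private static boolean isAlnum(int cp) {
        return (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') || (cp >= '0' && cp <= '9');
    }

    /** For untrusted data placed in an HTML element body. */
    public static String encodeForHTML(String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() * 2);
        input.codePoints().forEach(cp -> {
            if (isAlnum(cp) || cp == ' ') {
                out.appendCodePoint(cp);
            } else {
                // A numeric character reference is inert in element content
                // whatever the document's declared charset is.
                out.append("&#").append(cp).append(';');
            }
        });
        return out.toString();
    }

    /** For untrusted data placed inside a quoted HTML attribute value. */
    public static String encodeForHTMLAttribute(String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() * 2);
        input.codePoints().forEach(cp -> {
            if (isAlnum(cp)) {
                out.appendCodePoint(cp);
            } else {
                // Space is encoded as well: in an unquoted attribute it would
                // otherwise terminate the value and start a new attribute.
                out.append("&#").append(cp).append(';');
            }
        });
        return out.toString();
    }

    /** For untrusted data placed inside a quoted JavaScript string literal. */
    public static String encodeForJavaScript(String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() * 2);
        input.codePoints().forEach(cp -> {
            if (isAlnum(cp)) {
                out.appendCodePoint(cp);
            } else if (cp <= 0xFF) {
                // Hex escapes hide '<', '/', quotes and backslash from both the
                // HTML parser (no "</script>" visible) and the JS tokenizer.
                out.append(String.format("\\x%02X", cp));
            } else if (cp <= 0xFFFF) {
                out.append(String.format("\\u%04X", cp));
            } else {
                // Supplementary code points are emitted as a surrogate pair.
                for (char c : Character.toChars(cp)) {
                    out.append(String.format("\\u%04X", (int) c));
                }
            }
        });
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled input for the demonstration (not real data).
        String name = "Bob\" onmouseover=\"alert(1)\"</script><script>alert(document.cookie)</script>";

        // What a JSP or servlet that concatenates untrusted data would emit:
        String unsafe = "<div title=\"" + name + "\">Hello " + name + "</div>"
                + "<script>var user = '" + name + "';</script>";

        // The same markup with the data encoded for each context it lands in:
        String safe = "<div title=\"" + encodeForHTMLAttribute(name) + "\">Hello "
                + encodeForHTML(name) + "</div>"
                + "<script>var user = '" + encodeForJavaScript(name) + "';</script>";

        System.out.println("UNSAFE: " + unsafe);
        System.out.println("SAFE:   " + safe);
    }
}
```

Compile and run with `javac OutputEncoder.java && java OutputEncoder`. The point of the three methods is that the same string needs a different encoding depending on where it is written: the payload above breaks out of an attribute, out of an element body and out of a `<script>` block in three different ways, and a single "HTML escape" would not cover the JavaScript string case. That context-selection step is exactly what neither the Servlet API nor JSP's default expression output did for the developer in Java EE 6, and why Jim recommends a library such as ESAPI.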
Current thread:
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Kenneth Van Wyk (Jan 05)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Matt Parsons (Jan 05)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog James Manico (Jan 06)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog John Steven (Jan 06)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Jim Manico (Jan 07)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Boberski, Michael [USA] (Jan 07)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog John Steven (Jan 07)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Boberski, Michael [USA] (Jan 07)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Jim Manico (Jan 07)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog John Steven (Jan 11)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Jim Manico (Jan 13)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Jim Manico (Jan 15)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog James Manico (Jan 06)
- Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog Matt Parsons (Jan 05)