WebApp Sec mailing list archives
RE: Sample JAVA application
From: Tal Mozes <TalM () comsec co il>
Date: Sat, 6 Nov 2004 15:30:15 +0200
Hi Chris,
From my experience there are a lot of Java-specific security issues to check when doing a code review. I haven't seen a good paper on the subject, but I'll try to give the start...

Issues to check:
* Object Initialization
* Reducing scope
* Make Everything final
* Don't Use Inner classes
* Don't Depend on Package Protection
* Avoid Code signing
* Sign Only JAR Files
* Make Classes Unclonable
* Make Classes Unserializable
* Make Classes Undeserializable
* Don't Compare Classes by Name
* Storing Secrets in Code

Note that it is not a complete list, but a start. I hope you'll get the general idea by now...

Hope it helped,
Tal.

Tal Mozes
Application Security Consultant
www.comsec.co.il
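Several items on the checklist in the message above (object initialization, reducing scope, making everything final, making classes unclonable, unserializable and undeserializable, and not comparing classes by name) can be shown in one small class. The following is an added example written for this archive page; it is not code from Tal's post or from Chris's sample application, and the class name SessionToken, its field and its methods are hypothetical. The class is declared Serializable to show how the serialization hooks block both directions even when an interface or container forces Serializable on a sensitive type.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

// Hypothetical class illustrating checklist items from the message above.
// 'final' so nobody can subclass it (Make Everything final); all fields are
// private so no package-mate or reflection-free caller reaches them
// (Reducing scope, Don't Depend on Package Protection).
public final class SessionToken implements Serializable {
    private static final long serialVersionUID = 1L;

    private final byte[] secret;

    // Object Initialization: set only at the very end of the constructor, so
    // any method can detect an instance that did not go through full
    // construction (e.g. one produced by a bypassed constructor or a crafted
    // deserialization stream if the guards below were ever removed).
    private final boolean initialized;

    public SessionToken(byte[] secret) {
        if (secret == null || secret.length == 0) {
            throw new IllegalArgumentException("secret must not be empty");
        }
        this.secret = secret.clone(); // defensive copy: caller keeps no alias
        this.initialized = true;
    }

    public byte[] secretCopy() {
        if (!initialized) {
            throw new IllegalStateException("SessionToken not fully constructed");
        }
        return secret.clone(); // hand out a copy, never the internal array
    }

    // Make Classes Unclonable: Object.clone() would copy the private secret
    // into a new instance without running the constructor checks.
    @Override
    public Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException("SessionToken may not be cloned");
    }

    // Make Classes Unserializable: serialization writes private fields, secret
    // included, to whatever stream the caller supplies.
    private void writeObject(ObjectOutputStream out) throws IOException {
        throw new IOException("SessionToken may not be serialized");
    }

    // Make Classes Undeserializable: a crafted byte stream would otherwise
    // produce an instance whose invariants the constructor never checked.
    private void readObject(ObjectInputStream in) throws IOException {
        throw new IOException("SessionToken may not be deserialized");
    }

    // Don't Compare Classes by Name: two classes loaded by different class
    // loaders can share a fully qualified name, so compare Class objects with
    // ==, never getClass().getName().equals("...").
    public static boolean isTrustedTokenClass(Object o) {
        return o != null && o.getClass() == SessionToken.class;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not a real credential.
        SessionToken token = new SessionToken(
                "constructed-sample-secret".getBytes(StandardCharsets.UTF_8));

        try {
            new ObjectOutputStream(new ByteArrayOutputStream()).writeObject(token);
        } catch (IOException e) {
            System.out.println("serialization blocked: " + e.getMessage());
        }
        try {
            token.clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("clone blocked: " + e.getMessage());
        }
        System.out.println("trusted class check: " + isTrustedTokenClass(token));
        System.out.println("secret length: " + token.secretCopy().length);
    }
}
```

Compile and run with `javac SessionToken.java && java SessionToken`; the two guarded operations print their blocked messages and the class check prints true. The serialization guards only matter because the class implements Serializable; for a type that never needs to be serialized, the simplest form of the same rule is to not implement Serializable at all.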
Current thread:
- Sample JAVA application Chris Vanden Berghe (Oct 23)
- Re: Sample JAVA application Jeff Williams (Oct 25)
- Re: Sample JAVA application Chris Vanden Berghe (Nov 11)
- Re: Sample JAVA application Jeff Williams (Nov 11)
- Trouble with Reflection V.Benjamin Livshits (Nov 14)
- Re: Sample JAVA application Chris Vanden Berghe (Nov 11)
- Re: Sample JAVA application Jeff Williams (Oct 25)
- Re: Sample JAVA application Jean-Jacques Halans (Nov 08)
- <Possible follow-ups>
- Re: Sample JAVA application el (Oct 29)
- RE: Sample JAVA application Scott, Richard (Nov 05)
- Re: Sample JAVA application Chris Vanden Berghe (Nov 11)
- Re: Sample JAVA application Jeff Williams (Nov 12)
- Re: Sample JAVA application Chris Vanden Berghe (Nov 11)
- RE: Sample JAVA application Tal Mozes (Nov 06)
- RE: Sample JAVA application Michael Silk (Nov 07)