JavaOne Online Technical Sessions


Twelve Java Technology Security Traps and How to Avoid Them
TS-1660


Presenter: Brian Chess, Fortify Software


This session discusses current real-world secure coding traps that development managers and team leads need to know about.

One of the wonderful things about Java technology is the ease with which developers can build network-based applications and components that interact seamlessly with other systems. Unfortunately, it is also easy to build a Java technology-based application with major security vulnerabilities. This session explores 12 of the most common security traps Java technology developers fall into. You may be surprised to learn that most of them are not related to cryptography, access control, or any other typical security topic.

This session doesn't include a review of 10-year-old guidelines for writing secure applets with JDK 1.1 software. Instead, it looks at the causes of security failures in modern Java technology-based applications. Approaching security with an outside-in style like that of the OWASP Top 10, it looks at vulnerabilities from a developer's perspective, focusing on the source code. It looks at examples of real vulnerabilities in Tomcat and in widely deployed blogging packages such as Blojsom, and explores how the problems facing web-based applications are made worse by the transition to a service-oriented architecture.

The session concludes with a discussion of policies, processes, and tools proven to help prevent common programming errors from becoming major security incidents.
