|
|
Recommended: Sing it, brah! 5 fabulous songs for developers
JW's Top 5
Featured White Papers
- Measuring Risk to Improve Java Software Quality
- Do You Really Get Classloaders?
- Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
- Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
- Coding with JRebel, Java Forever Changed
- 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data
Sponsored Links
-
Graph databases are 1000x faster than relational.
Learn More!
-
Career opportunities at Harman- Careers That'll Rock Your Socks Off.
Learn More!
-
Developer-friendly Java PDF libraries by Qoppa Software
Live Demos
-
Stop blaming your app! Diagnose Java performance issues.
Free tool >
-
UrbanCode: Go From Continuous Integration to
Continuous DeliveryLearn More!
Sponsored Links
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Secure your Java apps from end to end, Part 2
Don't let flaws compromise application security
Page 2 of 4
Read the whole series on security contexts:
- Part 1: The foundation of Java security: Virtual machine and byte code security
- Part 2: Don't let flaws compromise application security
It is impossible to specifically list all the ways that bad design and poor programming can compromise an application's security. The example in the introduction is only one route. Instead, I will define and describe a handful of categories from which most Java application security vulnerabilities arise. These categories fall into two larger camps: implementation-related and design-related flaws.
Implementation-related flaws
Implementation-related flaws are introduced into an application during implementation. Caused by careless coding, insufficient understanding of requirements, or general lack of skill, implementation-related errors remain hidden because of inadequate testing and review. However, if the design is sound, you can usually fix the flaw without changing the design.
Timing problems
The most pernicious timing problem is the race condition. A race condition occurs when two threads accessing the same resource aren't properly synchronized. Flaws arise when two interacting threads either leave an object in an inconsistent or invalid state, or when malicious code takes advantage of improperly protected resources being used by another thread. Often the solution is as simple as adding proper synchronization.
Insufficient input validation
Input supplied to a process must be validated before it is used. Although some input comes from trusted sources, for safety's sake, all input should be considered to have come from an untrusted, possibly compromised source. Failure to thoroughly validate input can lead to a number of serious security vulnerabilities.
Inadequate randomness
Good cryptography requires a high-quality source of randomness. Many early Netscape Navigator vulnerabilities directly resulted from an insufficiently random source. Keys generated from this source had an effective key length much shorter than their advertised key length and were therefore easier to crack.
On a more mundane note, the predictability (lack of randomness) of many user-supplied passwords makes them easy to guess. Sometimes sound security consists of weeding out weak passwords.
Design flaws
Security vulnerabilities that arise from implementation flaws are bad enough, but even worse are vulnerabilities that surface from poor design decisions, lack of foresight, or insufficient understanding of the language or library features. These flaws often become so intertwined with the application logic that removing them without killing the patient is difficult. The InterBase flaw mentioned above provides an excellent design-flaw example.
Initialization issues
The Java savvy know that the new operator isn't the only way to create new instances. Both deserialization and cloning create fully functional instances. You can use both mechanisms to subvert a class's carefully constructed security by introducing instances that don't play by the rules. It's wise to defeat both cloning and deserialization.
- Feedback
More from JavaWorld
Resources
- "Secure Your Java Apps from End to End," Todd Sundsted (JavaWorld)
- Part 1The foundation of Java securityVirtual machine and byte code security (June 2001)
- Part 2Don't let flaws compromise applications security (July 2001)
- A little history on the InterBase security hole
http://community.borland.com/article/0,1410,26611,00.html - Sun's announcement of the JDK security flaw
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/201&type=0&nav=sec.sbl&ttl=sec.sbl - "Java Security Evolution and Concepts," Raghavan N. Srinivas (JavaWorld):
- Part 1Learn computer security concepts and terms in this introductory overview (April 2000)
- Part 2Discover the ins and outs of Java security (July 2000)
- Part 3Tackle Java applet security with confidence (December 2000)
- Part 4Learn how optional packages extend and enhance Java security (May 2001)
- For more security-related articles, see the JavaWorld Topical Index
http://www.javaworld.com/javaworld/topicalindex/jw-ti-security.html - A complete listing of all How-To Java columns
http://www.javaworld.com/javaworld/topicalindex/jw-ti-howto.html - Sign up for the JavaWorld This Week free weekly email newsletter for what's new on JavaWorld
http://www.idg.net/jw-subscribe - You'll find a wealth of IT-related articles from our sister publications at IDG.net
About Us | Advertise | Contact Us | Terms of Service/Privacy | AdChoices
Copyright, 2006-2013 Infoworld, Inc. All rights reserved.