|
|
Recommended: Sing it, brah! 5 fabulous songs for developers
JW's Top 5
Featured White Papers
- Measuring Risk to Improve Java Software Quality
- Do You Really Get Classloaders?
- Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
- Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
- Coding with JRebel, Java Forever Changed
- 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data
Sponsored Links
-
Graph databases are 1000x faster than relational.
Learn More!
-
Career opportunities at Harman- Careers That'll Rock Your Socks Off.
Learn More!
-
Developer-friendly Java PDF libraries by Qoppa Software
Live Demos
-
Stop blaming your app! Diagnose Java performance issues.
Free tool >
-
UrbanCode: Go From Continuous Integration to
Continuous DeliveryLearn More!
Sponsored Links
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Secure your Java apps from end to end, Part 2
Don't let flaws compromise application security
Page 4 of 4
The fix: immediately copy the two input arrays and operate on the copies instead of the originals.
Return to best practices
You can detect many flaws that lead to security vulnerabilities through good old-fashioned software development best practices. Clear requirements, formal design reviews, formal code reviews, and thorough testing will uncover many flaws and improve overall software quality.
Next month, I will explore the final security context: network security.
About the author
Todd Sundsted has been writing programs since computers became available in desktop models. Though originally interested in building distributed applications in C++, Todd moved on to the Java programming language when it became the obvious choice for that sort of thing. In addition to writing, Todd is cofounder and chief architect of PointFire, Inc.Read more about Tools & Methods in JavaWorld's Tools & Methods section.
- Feedback
More from JavaWorld
Resources
- "Secure Your Java Apps from End to End," Todd Sundsted (JavaWorld)
- Part 1The foundation of Java securityVirtual machine and byte code security (June 2001)
- Part 2Don't let flaws compromise applications security (July 2001)
- A little history on the InterBase security hole
http://community.borland.com/article/0,1410,26611,00.html - Sun's announcement of the JDK security flaw
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/201&type=0&nav=sec.sbl&ttl=sec.sbl - "Java Security Evolution and Concepts," Raghavan N. Srinivas (JavaWorld):
- Part 1Learn computer security concepts and terms in this introductory overview (April 2000)
- Part 2Discover the ins and outs of Java security (July 2000)
- Part 3Tackle Java applet security with confidence (December 2000)
- Part 4Learn how optional packages extend and enhance Java security (May 2001)
- For more security-related articles, see the JavaWorld Topical Index
http://www.javaworld.com/javaworld/topicalindex/jw-ti-security.html - A complete listing of all How-To Java columns
http://www.javaworld.com/javaworld/topicalindex/jw-ti-howto.html - Sign up for the JavaWorld This Week free weekly email newsletter for what's new on JavaWorld
http://www.idg.net/jw-subscribe - You'll find a wealth of IT-related articles from our sister publications at IDG.net
About Us | Advertise | Contact Us | Terms of Service/Privacy | AdChoices
Copyright, 2006-2013 Infoworld, Inc. All rights reserved.