Writing Secure JAVA Code (and testing it)
843811 Feb 1 2006 — edited Mar 1 2006
Hi all,
I'm currently looking for information on how to write secure JAVA applications. I don't need the stuff everybody is talking about (e.g. Web App Security, SQL Injection, XSS, etc.) but instructions on how to write code which is not breakable for standalone JAVA/J2EE applications.
With the results of these rules/instructions I want to generate test cases which decide if Java code is potentially vulnerable.
I found some papers and slides about this topic. You'll find most of the papers by searching for the title on the web ....
http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html
JAVA ONE Presentation Track TS520, Secure JAVA Programming, Mark Lambert http://www.parasoft.com/jsp/products/support/presentation/misc/Mark_Lambert_JavaOne_preso.ppt
Statically Scanning Java Code: Finding Security Vulnerabilities. Found in: IEEE Software. By John Viega, Gary McGraw, Tom Mutdosch, Edward W. Felten
Finding Security Vulnerabilities in Java Applications with Static Analysis. V. Benjamin Livshits and Monica S. Lam, Computer Science Department, Stanford University
Software Security Testing. Found in: IEEE Security and Privacy. By Gary McGraw, Bruce Potter
Securing Web Application Code by Static Analysis and Runtime Protection. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, D. T. Lee, Sy-Yen Kuo. Proceedings of the 13th international conference on World Wide Web
Secure Software Development by Example. Found in: IEEE Security and Privacy. By Axelle Apvrille, Makan Pourzandi
Do you have any more ideas? What can developers do wrong so that their applications might be vulnerable ....
Regards
Christoph