CertGear - Certification Practice Tests /Exams For PHR, SPHR, GPHR, SCWCD, SCBCD, SCDJWS, SCJP, PMP Java / Web Application Security - Guidelines For Secure Web Component Development
CertGear Products - Certification Practice Tests For PHR, SPHR, GPHR, SCWCD, SCBCD, SCDJWS, SCJP, PMPCertGear Products - Certification Practice Tests For PHR, SPHR, GPHR, SCWCD, SCBCD, SCDJWS, SCJP, PMPAbout CertGearCertGear Affiliates ProgramCertGear Technical SupportCertGear Product Downloads - Certification Practice Tests For PHR, SPHR, GPHR, SCWCD, SCBCD, SCDJWS, SCJP, PMP
Practice Exams
SCJP Certification
SCWCD Certification
SCBCD Certification
SCDJWS Certification
PHR Certification
PHR / SPHR Certification
PMP Practice Tests GPHR Certification CISSP Certification CISA Certification

Company

 
 Java & Web Application Security  


Web security can be defined in various ways, depending on individual points of view. The main focus of this article is the security of Java / JSP applications developed and deployed for the Internet.

Almost by its very nature, one of the most tedious and difficult aspects of application development is security. From a security perspective, the most vulnerable part of server-side Java applications are the various facilities and mechanisms that are developed to accept user-input. These input mechanisms are quite often exploited by adversaries to identify and exploit vulnerabilities in the Java application code.

Security exposures are often a direct consequences of two main design errors:

  • poor access control
  • implied assumptions about the deployment environment.

There are many extensive treatments of access control issues in the security literature. Here we will discuss the problem of security, as pertaining to the Java / Java Server Pages (JSP) environment.

Accordingly, we will explain the ways in which malicious user input can manifest itself and alter the intended behavior of an application, and we will consider methods to validate input and reduce undesirable exposure of information and programming interfaces.

Security Risks

Insecure Java servlets and insecure JSP pages can create a significant risk. It is often assumed that Java, being the strong-typed, garbage collecting, sandboxable language that it is, magically makes software secure. And indeed, many low-level security issues that are problematic in other languages, such as buffer and heap overflows, are less of a peril in Java.

However, this of course does NOT mean that writing secure code in Java is easy. Validating input and controlling access to resources always need to be considered. Furthermore, JSP is a fairly complex architecture, in which many components come together. The interactions between them are often sources of security breaches. And on top of that, although all existing JSP implementations are built around Java, the JSP specification allows virtually any other language to play this role. The security aspects of the substitute language then must also be taken in consideration.

In short, there are plenty of opportunities for introducing vulnerabilities in a JSP system. We will review the most common of them in the next few pages.

 

 

Page: 1 2 3 4 NEXT



 

  PHR SPHR Certifications :  PHR, SPHR, GPHR   |    PMI Certifications: PMP
Java Certifications :  SCWCD, SCBCD, SCJDWS, SCJP  | Security Certifications: CISSP, CISA