Re: Java Enterprise Safe ??

From: Adriel Desautels <adriel@xxxxxxxxxxxxx>
Date: Tue, 14 Oct 2008 11:41:35 -0400

Java has better security when it doesn't contain vulnerabilities. The
code isn't always the problem, sometimes the interpreter is the problem.
In most cases though, it is the developer as suggested before. Java can
be very safe.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

------------------------------------------------
Netragard, LLC - "The Specialist in Anti-Hacking"

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

Gleb Paharenko wrote:

Hi!

IMHO, java projects have better security. Variable binding and no
dynamic sql significantly improves sqli strength.

2008/10/7 Mattias Hemmmingsson <mattias@xxxxxxxxxxxxxx>:
God morning

We are now working with java enterprise at the glassfish server.
And a come of thinking how secure is java really ?

If you look att OWASP home page you can find the ten most common
security risk against java,

So with XSS how mutch damiage can you do to the system ore can you
only change the clients view ?

Sql injection is it poosible to do with java enterprise ?

And the big one JAS ( java auth system or somthing like that) How safe
is it realy ?

// matte

References:
- DOT NET code review
  - From: Mork
- Re: DOT NET code review
  - From: J. Oquendo
- File traces
  - From: Sumeet Narula
- RE: File traces
  - From: John Grubb
- RE: File traces
  - From: Tiago 'gouki' Faria
- Java Enterprise Safe ??
  - From: Mattias Hemmmingsson
- Re: Java Enterprise Safe ??
  - From: Gleb Paharenko

Prev by Date: Re: Wiping a drive: /dev/zero or /dev/urandom better?
Next by Date: RE: Flash Drive Policy
Previous by thread: Re: Java Enterprise Safe ??
Next by thread: Re: File traces
Index(es):
- Date
- Thread

Relevant Pages

SSRT4871 Rev.0 Untrusted applets in Java Plugin may allow unauthorized privileges on HP-UX
... The information in this Security bulletin should be acted upon ... Potential vulnerabilities have been identified with the Java ... Plug-In on HP-UX which may allow untrusted applets to escalate ...
(comp.sys.hp.hpux)
SSRT4871 Rev.0 Untrusted applets in Java Plugin may allow unauthorized privileges on HP-UX
... The information in this Security bulletin should be acted upon ... Potential vulnerabilities have been identified with the Java ... Plug-In on HP-UX which may allow untrusted applets to escalate ...
(comp.security.misc)
SSRT4871 Rev.0 Untrusted applets in Java Plugin may allow unauthorized privileges on HP-UX
... The information in this Security bulletin should be acted upon ... Potential vulnerabilities have been identified with the Java ... Plug-In on HP-UX which may allow untrusted applets to escalate ...
(comp.security.unix)
[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU
... security issues reported by us to Oracle and addressed by the ... company in a recent Feb 2013 Java SE CPU. ... further leveraged to obtain a complete JVM security bypass. ... The vulnerability has its origin ...
(Bugtraq)
Re: Java programmer lured back by .Net (Questions)
... I have finally decided to put all my business logic in C++ and compile that to native code. ... Security is the only reason why I could see that being a problem but I'm sure there is a way around it. ... Of course it learned a lot from Java, and improved upon many things which Java is slowly catching up on. ... I would like to be able to place my executable on my remote server and then "load" the executables on demand from accross the internet - so that there are no executables on the local machine for prying eyes to reverse engineer. ...
(microsoft.public.dotnet.distributed_apps)