Developer's Guide to Web Application Security

Chapter 7: Securing Your Java Code

Introduction

Java is arguably the most versatile programming language available for use today. Since its appearance in 1995, the development community has quickly embraced Java because of its robustness and its capability to transcend multiple platforms. It is getting more difficult to find leading-edge applications today that don't incorporate Java somewhere in their architecture. Because of Java's extensibility, it is perfect for the distributed architecture of the Internet. However, it can pose a threat to corporate systems if the application is not designed correctly.

Sun Microsystems, the creator of Java, claims that Java is inherently secure and that all that is required to write secure code is consistent, careful adherence to the Java security model. However, security holes and weaknesses have been found in Java from its first version onward. Sun has listened to the recommendations made by developers and has been working to fix most of these problems. In fact, Sun has accomplished just that in subsequent releases of Java.

A tool as powerful as Java may still present some threat as long as there is room for error in its use. This chapter walks you through the process of ensuring your Java code is sound and secure. To code secure Java applications, you must understand how Java security works and how the environment itself, and thus the applications created in it, handle security. You will also gain an understanding of Java's other weaknesses, and see how numerous bugs and exploits have caused Java to change over the years. For example, we examine...
