Hack Proofing Your Web Applications

Java is arguably the most versatile programming language available for use today. Since its appearance in 1995, the development community has quickly embraced Java because of its robustness and its ability to transcend multiple platforms. It is getting more difficult to find leading-edge applications today that don t incorporate Java somewhere in their architecture. Because of Java s extensibility, it is perfect for the distributed architecture of the Internet, however, it can pose a threat to corporate systems if the application is not designed correctly.
Sun Microsystems, the creator of Java, claims that Java is inherently secure and all that is required to write secure code is consistent careful adherence to the Java security model. However, security holes and weaknesses have been found in Java from its first version onward. Sun has listened to the recommendations made by developers and has been working to fix most of these problems. In fact, Sun has accomplished just that in subsequent releases of Java.
A tool as powerful as Java may still present some threat as long as there is room for error in its use. This chapter walks you through the process of ensuring that your Java code is sound and secure. In order to code secure Java applications, you must understand how Java security works and how the environment itself and thus applications created in it handle security. You will also gain an understanding of Java s other weaknesses. For example, we examine how it is possible to bring down a Java program by creating...