Tagged Questions

Security aspects specific to the Java programming language and libraries.


2
votes
1answer
43 views

Safe to use jBCrypt and recommend it to my organization?

I'd like to recommend to my fellow developers that we all use bcrypt to hash stored passwords. We all use Java and I hesitate to recommend jBCrypt only because its latest version number (0.3) ...
-1
votes
1answer
45 views

Alternatives/mitigation to Oracle Java (JRE) [closed]

My company is researching a complete removal of JRE on our Windows platform. I have researched several alternatives for implementation in a large enterprise architecture. Simply, wanted to throw the ...
3
votes
1answer
101 views

Are OpenJDK and non-Windows systems vulnerable to the Sept. 25th 2012 Java vulnerability?

I have heard of this vulnerability, but although it was announced on the Full Disclosure list, it does not provide any details (other than a severity assessment). Does anyone have more info than me, ...
2
votes
1answer
36 views

Secure Spring Framework User Management

I got asked this question: "Any decent reusable / plug-able Spring user management systems (registration, change pwd, reset etc)? How do you guys do authz in Spring, including managing those roles ...
1
vote
3answers
68 views

Java class type parameter vulnerability

In a Java programming book there is a section that details the JVM and memory addresses and location as it pertains to parameters of a class type. As you can see from the console output the initial ...
-4
votes
1answer
91 views

Exploiting Tomcat's vulnerability CVE-2009-2693 Arbitrary file deletion and/or alteration on deploy [closed]

For some tests, I want to exploit Tomcat 6 vulnerability CVE-2009-2693. You can see it here http://tomcat.apache.org/security-6.html I am trying this with insecure web application of OWASP. I made ...
3
votes
2answers
131 views

How should an application store its credentials

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another ...
4
votes
3answers
161 views

Vulnerable Java applications

I am looking for some open source/free vulnerable Java-based applications. It can be a web application, desktop application or any other. I need them to do some experiments in my research work. They ...
2
votes
2answers
143 views

Storing password in Java application

What is the best secure way to store passwords in a Java web application? I am not talking about password to the DB, so it must be stored in a de-cryptable way. It’s a cloud environment and I need to protect ...
2
votes
0answers
62 views

Need a little help with Metasploit and Java? [closed]

I'm a junior programmer and I was asked in my job to test Java using Metasploit... I followed this detailed environment: ...
7
votes
4answers
200 views

Are Java applets more secure than regular forms for login?

In Norway we have something called BankID which is a login solution for banks and other stuff. It consists (from a user's point of view) of a Java applet where you enter your SSN (person number), a one ...
2
votes
2answers
75 views

Hide web.xml file from public view

I have found a vulnerability in a Sun Java application where the web.xml file is publicly viewable as the application is not using any .htaccess nor web.config. I don't know how to restrict. I tried with ...
8
votes
2answers
144 views

Why do some Java APIs bypass standard SecurityManager checks?

In Java, normally permission checks are handled by the SecurityManager. To prevent untrusted code from invoking privileged code and exploiting some bug in the privileged code, SecurityManager checks ...
0
votes
2answers
86 views

Java: How to validate redirects?

I'm reading OWASP's Secure Coding Practices Checklist and under their "Input Validation" section they have an item that reads: Validate data from redirects (An attacker may submit malicious ...
0
votes
1answer
109 views

What security concerns exist in running a GlassFish app directly on port 443

I have installed Apache HTTP server in front of GlassFish based on recommendations I had in this question. I have been told that I will run into performance problems along with security issues. I was ...
