Java and security bits
Java Secure Coding Talk at JavaOne
It's that time of year again - JavaOne season. This year Charlie Lai and I are presenting a session entitled Secure Coding Antipatterns: Avoiding Vulnerabilities. The short short summary is that many security incidents are caused by bugs that follow recurring antipatterns. We use past Java security issues to explain such mistakes and show how to avoid them. See also the session abstract on the JavaOne site.
You may think that you don't have to care about security issues, but you really should care! As it turns out, the majority of security incidents occur in seemingly innocuous components that do not appear to be relevant to security at all. The reason is that although Java takes care of a lot of problems for you, such as array bounds checking to avoid buffer overflows, there are still issues all code needs to pay attention to. That is what the talk is all about. Plus, you will even learn the answers to some longstanding questions, for example what the initialized flag and the check() method in java.lang.ClassLoader are all about.
If you are interested, it is TS-1238 on Thursday from 1:30pm to 2:30pm in Gateway 102/103. The Java SE security group also has a Q&A BOF on Thursday from 10:30pm to 11:20pm, also in Gateway 102/103 (BOF-0600).
PS: some other talks I plan to check out: "Solving the Mysteries of the Java Technology Class Loader" (BOF-0300), "Dynamically Typed Languages on the Java Platform" (TS-3886), "Superpackages: Development Modules in Dolphin" (TS-3885), "JSR-277: Java Module System" (BOF-0684), "What Is Happening With New I/O" (BOF-0895), "How to Build a Scalable Multiplexed Server With NIO" (TS-1315), "Confessions of a JVM Software Writer" (BOF-0377), of course the Josh and Neal talks, and various others. (Sorry, no links -- getting tired)
Posted at 03:56 May 10, 2006 by Andreas Sterbenz in Java