Security aspects specific to the Java programming language, libraries, and virtual machine.
Questions tagged [java]
716 questions
23
votes
3 answers
Is Java secure for the desktop?
The Java plugin for web browsers is known to have many security issues, at least in the past. Google Chrome is not even supporting it any more, describing it as decrepit technology, and Firefox has a little warning message near it.
But is the…
Dan
11
votes
4 answers
Is Java relevant to Information Security?
I'm currently studying Computer Science, where we're taught Java programming. I want to get into the IT-security field, but it seems to me that Ruby and Python are more relevant for that, so I have a hard time motivating myself to learn Java.
But…
user37534
7
votes
4 answers
How to use Java method override to attack?
I have seen various resources that warn of the potential harm of method override in Java (see reference…
drdot
7
votes
3 answers
How to resolve Path Manipulation error given by fortify?
I need to read the properties file kept in user home folder.
PropertyFile=System.getProperty("user.home")+System.getProperty("file.separator")+"sample.properties";
Fortify is giving path manipulation error in this line. How to resolve this issue?
Nagendra
6
votes
2 answers
Are there any real life cases, where using final keyword in Java increases system security?
I've come across that question on StackOverflow: https://stackoverflow.com/questions/18755713/how-does-final-play-a-role-in-security
The claim is made, that according to Wikipedia:
A final class cannot be subclassed. This is done for reasons of
…
user9850
6
votes
2 answers
JAVA (Web Application) Public Data Assigned to Private Array-Typed Field
Referring to this CWE-496, it mentions that because of the application assigning public data to a private array it is equivalent to giving public access to the array.
This is not clear to me because usually before you can use the object, we must…
overshadow
5
votes
3 answers
Java vulnerability: What about OpenJDK + IcedTea?
These days there are a lot of recommendations about disabling java-plugin due to a serious vulnerability. I know this topic has already been covered on this site here and here.
In the reports about the vulnerability I have read so far, they refer…
jap1968
3
votes
2 answers
Secure way to store application settings
What is a proper or, if possible to tell, the best way to store configuration in matters of security?
So far I can tell that a database with very restricted access is a good way, but please let's exclude the database for the moment. I'm talking…
user2504380
3
votes
3 answers
Java 7u11 - Safer to switch to 6?
Java update 7u11 has made some news lately for a couple reasons. Firstly, it was an out-of-band patch to resolve vulnerabilities being exploited in the wild. Then it came back up because it is now being found that the patch is incomplete. News…
Iszi
3
votes
2 answers
Is it safe to handle trusted data in an insecure way?
I recently found out that in java it can be very dangerous to deserialize data. See https://github.com/frohoff/ysoserial
In my application I'm saving the current configuration using serialization and deserialization. I did a test and modified the…
Andreas Kurka
3
votes
1 answer
If Java is inherently vulnerable to System.getProperty injection attacks, is it worth it to validate?
In Java it's common to see code such as System.getProperty("line.separator") which is used to build Strings used for output, etc. It has been recommended by vulnerability scanners that it is advisable to validate this input by e.g. ensuring it…
blindcodifier9734
3
votes
0 answers
How to fix Path Manipulation error in java which is raised in Fortify
How to fix Path Manipulation error in java which is raised in Fortify? Please provide any inputs?
I am getting the Path manipulation error in the below line of my java file.
new File(args[0])
user1548490
3
votes
2 answers
Storing key store passwords
I am building an application that uses keystores as a way to securely store RSA keys and certificates.
Obviously, I need a password to retrieve my private key.
What is the proper way to store this password? I know, for example, that burying it in the…
Dor Mesica
2
votes
1 answer
Vulnerability of Java software
The JAVA software provided by Oracle is a security mess. But what exactly in that software package is the most vulnerable? If someone installs it and disables the Java plugin in the browser, will he still be vulnerable?
Mayank Singh
2
votes
4 answers
Is serialisation of HashMaps secure?
I've done some reading in this area and there is very little information about the security of a HashMap. The only article I could find was on IBM's Developer Works site.
What hashing function is used for HashMap in Java? That's really the most…
Ramonster