Module 01 Introduction to Java Security

Vulnerability Disclosure Growth
Impact of Vulnerabilities and Associated Costs
Security Incidents
Software Security Failure Costs
Need for Secure Coding
Java Security Overview
Java Security Platform
Java Virtual Machine (JVM)
Class Loading
Bytecode Verifier
Class Files
Security Manager
Java Security Policy

Cycle
Development
Architecture
Analysis
Code Analysis
Java

Module 03 File Input and Output and Serialization

InputStream
Character to an Int
Write in another Array

Module 04 Input Validation

Input Validation Vulnerabilities
Expressions
Statement

Module 05 Error Handling and Logging

Module 06 Authentication and Authorization

Authentication Vulnerabilities
Authorization Bypass Vulnerabilities
Tomcat
Client Application
Applications
Controls
Mistakes

Module 07 Java Authentication and Authorization Service (JAAS)

Module 08 Java Concurrency and Session Management

Methods
Executor Framework
ThreadGroup
Threads
Thread Pool
Initialized Objects
Condition Code
Exceptional Conditions
Operations while Holding Lock
Checked Locking Idiom forms
Techniques
Threads
Attacks
Hijacking
ID Protection
Management

Module 09 Java Cryptography

Encryption Vulnerabilities
Objects
Stores

Module 10 Java Application Vulnerabilities

• Injection Attacks Countermen