Half of all enterprise applications written in the last 15 years have been written in Java, making the language nearly ubiquitous in the enterprise. Unfortunately, that popularity also makes Java applications some of the most frequently targeted and attacked by adversaries.
Java applications are exposed both to general classes of vulnerability that affect any language and to some that are specific to the Java platform. General vulnerabilities include:
- Vulnerabilities in third-party and standard libraries the application depends on
- Vulnerabilities introduced by coding errors (e.g., building a database query by concatenating untrusted input into the SQL text)
Java-specific vulnerabilities include:
- Vulnerabilities in the Java runtime and its core class libraries
- Vulnerabilities in the Java sandboxing mechanism, which can allow an attacker to circumvent the restrictions the security manager has established (note that the Security Manager has been deprecated for removal since Java 17, so applications should not rely on it as a security boundary)
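The "improper construction of a query" coding error above is worth seeing concretely. The following is an added example, not code from the Refcard: it builds the same lookup twice, once by concatenating the caller's input into the SQL text and once with a bound parameter. The `users` table, column names, and the JDBC `Connection` passed to `lookupEmail()` are assumptions for illustration; the hostile input is constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class QueryConstruction {

    // Vulnerable: the caller-controlled value is spliced directly into the SQL
    // text, so a crafted value changes the structure of the statement rather
    // than just the data it compares against.
    static String buildLookupUnsafe(String username) {
        return "SELECT id, email FROM users WHERE username = '" + username + "'";
    }

    // Hardened: the SQL text is fixed and the value is bound as a parameter.
    // The JDBC driver transmits it separately from the statement, so it is
    // never parsed as SQL. The Connection is assumed to be supplied by the
    // caller; none is opened here (hypothetical schema: users(id, username, email)).
    static String lookupEmail(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one benign username and one that closes the
        // string literal and appends its own condition.
        String benign = "alice";
        String hostile = "x' OR '1'='1";

        System.out.println(buildLookupUnsafe(benign));
        System.out.println(buildLookupUnsafe(hostile));
        // With the hostile value, the single quote in the input terminates the
        // literal and the remainder becomes part of the WHERE clause, so the
        // statement matches every row. lookupEmail() compares the same bytes
        // as a plain string value and matches nothing.
    }
}
```

Running `main` shows the two concatenated statements; the second ends in `username = 'x' OR '1'='1'`, a condition that is true for every row. The fix is not escaping quotes by hand but keeping query structure and data separate with `PreparedStatement`, which is the pattern the rest of this Refcard assumes wherever a query is built from user input.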
Developing Java applications that are free of these vulnerabilities from the start is the most reliable way to make them robust against attack; no application is immune, but the attack surface can be kept small. Incorporating security into the development workflow helps developers avoid introducing vulnerabilities in the first place, and correcting a potential vulnerability during development is far cheaper in both time and resources than correcting one that has already reached production.
This Refcard is intended to help Java developers understand the most common Java vulnerabilities and how to fix them early in the development process.