Secure Coding mailing list archives

Insecure Java Code Snippets


From: andrews at rbacomm.com (Brad Andrews)
Date: Thu, 07 May 2009 12:47:47 -0500


Quoting ljknews <ljknews at mac.com>:

> At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
>
>> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
>> They can be really hard to figure out,
>
> And yet people keep choosing those programming languages.

They offer quite a bit of power in exchange for the danger.  A steak  
knife can be dangerous, but I would greatly prefer it over a butter  
knife if I am eating a steak.  :)

I also believe some Java security flaws can be just as difficult to  
figure out.  Some aren't, but why would secure code review be such a  
challenge if it was so easy?

Brad

