Skip to end of metadata
Go to start of metadata

Software vulnerability reports and reports of software exploitations continue to grow at an alarming rate, and a significant number of these reports result in technical security alerts. To address this growing threat to the government, corporations, educational institutions, and individuals, systems that are free of software vulnerabilities must be developed.

Coding errors cause the majority of software vulnerabilities. For example, 64 percent of the nearly 2,500 vulnerabilities in the National Vulnerability Database in 2004 were caused by programming errors [Heffley 2004].

Java is a relatively secure language. It has no explicit pointer manipulation; array and string bounds are automatically checked; attempts at referencing a null pointer are trapped; the arithmetic operations are well defined and platform independent, as are the type conversions. The built-in bytecode verifier ensures that these checks are always in place. Moreover, Java provides comprehensive, fine-grained security mechanisms that can control access to individual files, sockets, and other sensitive resources.

Java program safety, however, can be compromised. The remainder of this chapter describes use cases under which Java programs might be exploited and examples of rules that mitigate against these attacks. Not all of the rules apply to all Java language programs; frequently, their applicability depends on how the software is deployed and your assumptions concerning trust.

Input Validation and Data Sanitization

Leaking Sensitive Data

Type Safety

Leaking Capabilities

Denial of Service


Concurrency, Visibility, and Memory

Privilege Escalation


  1. Rules that involve capabilities: capability
    Rules that address the mitigation of sensitive information disclosure: sensitive
    Rules for preventing denial of service attacks resulting from resource exhaustion: resource-exhaustion
    Rules that enforce the principle of least privilege: least-privilege

  2. Hi there,

    I've not found any reference to any of Risk Assessment Summary legenda. Maybe that content should be part of Std Introduction.


    1. It's in the preface Priority and Levels I said 3 years later.