SlideShare verwendet Cookies, um die Funktionalität und Leistungsfähigkeit der Webseite zu verbessern und Ihnen relevante Werbung bereitzustellen. Wenn Sie diese Webseite weiter besuchen, erklären Sie sich mit der Verwendung von Cookies auf dieser Seite einverstanden. Lesen Sie bitte unsere Nutzervereinbarung und die Datenschutzrichtlinie.
SlideShare verwendet Cookies, um die Funktionalität und Leistungsfähigkeit der Webseite zu verbessern und Ihnen relevante Werbung bereitzustellen. Wenn Sie diese Webseite weiter besuchen, erklären Sie sich mit der Verwendung von Cookies auf dieser Seite einverstanden. Lesen Sie bitte unsere unsere Datenschutzrichtlinie und die Nutzervereinbarung.
Scribd wird den Betrieb von SlideShare ab 1. Dezember 2020 übernehmen.Ab diesem Zeitpunkt liegt die Verwaltung Ihres SlideShare-Kontos sowie jeglicher Ihrer Inhalte auf SlideShare bei Scribd. Von diesem Datum an gelten die allgemeinen Nutzungsbedingungen und die Datenschutzrichtlinie von Scribd. Wenn Sie dies nicht wünschen, schließen Sie bitte Ihr SlideShare-Konto. Mehr erfahren
Java has a security model targeted at running applets and untrusted code, so you don’t need to worry about running your own code on your own servers, right? In fact, there are several vulnerability patterns that can affect server-side Java applications, and this presentation outlines some of the steps you should take to ensure that your server room is not compromised. It looks at the established techniques for enhancing your security and shows new technology from IBM that addresses several attack vectors.
Potential issues attributed to the application's computing platform
Risks from mis-configuration or manipulation of the computer
system hosting the application.
Vulnerabilities affecting the safe and secure operation of the application and its data by
deliberate or inadvertent unauthorized manipulation of the system.
CWE-842: Placement of User into Incorrect Group
The software or the administrator places a user into an incorrect group.
CWE-605: Multiple Binds to the Same Port
When multiple sockets are allowed to bind to the same port, other services on that port
may be stolen or spoofed.
CWE-405: Asymmetric Resource Consumption (Amplification)
Software that does not appropriately monitor or control resource consumption can lead to
adverse system performance. Sometimes this is a factor in "flood" attacks, but other
types of amplification exist.
Potential issues attributed to Java-specific weaknesses
Using APIs as they are intended to be used, and adopting
mitigating actions for those with known high risk.
Designing the application and using coding patterns that promote secure practices, while
avoiding those shown to be at risk of introducing vulnerabilities.
CWE-227: Improper Fulfillment of API Contract ('API Abuse')
The software uses an API in a manner contrary to its intended use, or makes assumptions
that are not assured by the API documentation.
CWE-487: Reliance on Package Level Scope
Java packages are not inherently closed; therefore, relying on them for code security is
not a good practice.
CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
The application uses external input with reflection to select which classes or code to
use, but it does not sufficiently prevent the input from selecting improper classes or
Application and Middleware
Potential issues attributed to concepts in the application middleware stack
Ensuring correct usage of high-level concepts and their
semantics by developers.
Potential risks by defining behavior and manipulating data at
different levels of application-defined authority.
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The software receives input from an upstream component, but it does not neutralize or
incorrectly neutralizes code syntax before using the input in a dynamic evaluation call
CWE-579: J2EE Bad Practices: Non-serializable Object Stored in Session
The application stores a non-serializable object as an HttpSession attribute, which means
the session cannot be replicated across JVMs.
CWE-613: Insufficient Session Expiration
Insufficient Session Expiration is when a web site permits an attacker to reuse old
session credentials or session IDs for authorization.
Potential issues attributed to concepts in management of user level controls
Ensuring that the logical unit of work encapsulated as application
sessions are secure, robust, and do not lead to data exposure.
Protecting the integrity of shared secrets and methods for establishing identity of users,
systems, applications, etc
CWE-268: Privilege Chaining
Privileges, roles, capabilities, or rights can be combined in a way that allows an entity
to perform unsafe actions that would not be allowed without that combination.
CWE-272: Least Privilege Violation
Elevated privilege levels required to perform operations should be dropped immediately
after the operation is performed.
CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Attackers can easily modify cookies and can bypass protection mechanisms such as
authorization and authentication by modifying the cookie to contain an expected value.
CWE-732: Incorrect Permission Assignment for Critical Resource
Giving permissions to a wider range of actors than required, could lead to the exposure
of sensitive information, or the modification of that resource by unintended parties.
Risks for systems that depend upon secure communications
Avoiding numerous risks that may diminish the assurances of
secrecy through the use of cryptographic techniques.
Protecting the integrity of secure data exchange and methods for establishing identity of the
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may
result in the exposure of sensitive information.
CWE-337: Predictable Seed in PRNG
A PRNG is initialized from a predictable seed, e.g. using process ID or system time.
CWE-299: Improper Check for Certificate Revocation
The software does not check or incorrectly checks the revocation status of a certificate,
which may cause it to use a certificate that has been compromised.
CWE-297: Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does
not properly ensure that the certificate is actually associated with that host.
Risks in managing the data you use to achieve a business objective
Risks associated with application data being modified by, or
exposed to, those with no business need for such access.
Increasing the security assurances around application data that is exposed to external storage,
either temporarily or permanently.
CWE-313: Cleartext Storage in a File or on Disk
The application stores sensitive information in cleartext in a file, or on disk that
could be read by attackers with access to the file, or with physical or administrator
access to the raw disk.
CWE-499: Serializable Class Containing Sensitive Data
The code contains a class with sensitive data, but the class does not explicitly deny
serialization. The data can be accessed by serializing the class through another class.
CWE-359: Privacy Violation
Mishandling private information, such as customer passwords or social security numbers,
can compromise user privacy and is often illegal..
Consideration of risks handling data associated with the computing
Risks associated with storing descriptive system history in
shared log locations.
Risks of inadvertently disclosing through system tools and behavior information that is
protected by the application.
CWE-532: Information Exposure Through Log Files
While logging all information may be helpful during development stages, it is important
that logging levels be set appropriately before a product ships so that sensitive user
data and system information are not accidentally exposed to potential attackers.
CWE-208: Information Exposure Through Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a
way that is observable to an actor and reveals security-relevant information about the
state of the product, such as whether a particular operation was successful or not.
CWE-530: Exposure of Backup File to an Unauthorized Control Sphere
A backup file is stored in a directory that is accessible to actors outside of the
intended control sphere.
Summary – securing Java in the server room
risk assessment for type of application
define integrity and confidentiality goals
identify applicable policies
assurances about the computing platform
secure engineering practices
mitigation and avoidance of known risks
security testing and review
user and administrator guidance
configuration management control and auditing
intrusion detection and monitoring
action plan for dealing with security incidents
ability to regularly scan deployed systems to
proactive pre-deployment scans & scheduled
collects and analyses events to identify priorities
analytics identifies application vulnerabilities
map events back to code level issues
integrated with network intrusion detection
issues a “virtual patch”to protect specific