The fundamental security problem with web applications — that all user input is untrusted — gives rise to a number of security mechanisms that applications use to defend themselves against attack. Virtually all applications employ mechanisms that are conceptually similar, although the details of the design and the effectiveness of the implementation differ very widely … Read more
Several years after their widespread adoption, web applications on the Internet today are still rife with vulnerabilities. Understanding of the security threats facing web applications, and effective ways of addressing these, remains immature within the industry. There is currently little indication that the problem factors described previously are going to go away in the near … Read more
As with any new class of technology, web applications have brought with them a new range of security vulnerabilities. The set of most commonly encountered defects has evolved somewhat over time. New attacks have been conceived that were not considered when existing applications were developed. Some problems have become less prevalent as awareness of them … Read more
In the early days of the Internet, the World Wide Web consisted only of web sites. These were essentially information repositories containing static documents, and web browsers were invented as a means of retrieving and displaying those documents, as shown in Figure. The flow of interesting information was one-way, from server to browser. Most sites … Read more
There is no doubt that web application security is a current and very news-worthy subject. For all concerned, the stakes are high: for businesses that derive increasing revenue from Internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details or compromising bank … Read more
A Bytecode Example Though you may not realize it, you have already seen an example of bytecode or at least its human readable format. The output generated by the javap command when we ran it with the -c flag contained a disassembly of each of the methods in the class file. Let’s consider now the … Read more
We said that the constant pool contains a great deal of information. In fact it contains an interesting mixture of items. The constant pool combines the function of a symbol table for linking purposes as well as a repository for constant values and string literals present in the source code. It may be considered as … Read more
The class file contains a lot more information than its cousin, the executable file. Of course, it still contains the same type of information: program requirements, an identifier indicating that this is a program and executable code (bytecode, in this case). However, it also contains some very rich information about the original source code. The … Read more
Moving back to the world of Java, we see that it is a high-level programming language and that bytecode is the low-level machine language of the JVM. Java is an object-oriented language; that is, it deals primarily with objects and their interrelationships. Objects are best thought of in this context as a collection of data … Read more
The Traditional Development Life Cycle Java is a compiled language. That is, source code is written in a high-level language and then converted through a process of compilation to a machine-level language, the Java bytecode, which then runs on the Java Virtual Machine (JVM). Before we look more closely at Java bytecode. Program files are … Read more