Security Features in Java: Vulnerabilities and Comparisons
VerifiedAdded on 2023/06/10
|12
|2564
|340
Report
AI Summary
This report delves into the crucial aspects of security features within the Java programming language. It begins by emphasizing the significance of security in programming and positions Java's security measures in comparison to languages like C/C++. The report then elucidates key Java security featur...
Running Head: SECURITY FEATURES
Security Features
Name of the Student
Name of the University
Author Note
Security Features
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
2SECURITY FEATURES
Table of Contents
Abstract............................................................................................................................................3
Security features in programming language....................................................................................3
Background......................................................................................................................................4
Buffer Overflow...........................................................................................................................4
SQL injection...............................................................................................................................5
JAVA security features....................................................................................................................7
Vulnerabilities..................................................................................................................................8
C vs C++ vs JAVA..........................................................................................................................9
Conclusion.....................................................................................................................................10
Reference.......................................................................................................................................11
Table of Contents
Abstract............................................................................................................................................3
Security features in programming language....................................................................................3
Background......................................................................................................................................4
Buffer Overflow...........................................................................................................................4
SQL injection...............................................................................................................................5
JAVA security features....................................................................................................................7
Vulnerabilities..................................................................................................................................8
C vs C++ vs JAVA..........................................................................................................................9
Conclusion.....................................................................................................................................10
Reference.......................................................................................................................................11
3SECURITY FEATURES
Abstract
This report will discuss about the importance of the security system of the programming
platforms. This report will also discuss about the security features that are present in the platform
of JAVA. Vulnerabilities of the platform will also be discussed. This report will also state the
differences between the programming languages namely JAVA and C/C++. The report will end
with the discussion of the most secured programming language that can be used with utmost
efficiency.
Security features in programming language
The need of the security system in the programming platform is very important as the imposers
who want to gain data from the platforms of the programming language. This is the reason that
the processing of data that are present in the database of the application can be approached by the
imposters who are allowed to approach the data. To stop this approach security measures are
taken and hence the importances of security feature are measured.
Java has been leading the course of the programming language in terms of the security of the
platform. Java is termed as one of the most robust platforms in terms of programming platforms
are concerned with.
Java is considered to be more secured than the programming language C/C++. This is due
to the reason that the development of JAVA was done keeping in mind the security features the
programming platform. However, during the processing f the programming languages namely C
and C++ the security of the platform was never the major concern for the programmers who built
the processing of the project. Leading to the fact that the robustness of the JAVA platform is way
Abstract
This report will discuss about the importance of the security system of the programming
platforms. This report will also discuss about the security features that are present in the platform
of JAVA. Vulnerabilities of the platform will also be discussed. This report will also state the
differences between the programming languages namely JAVA and C/C++. The report will end
with the discussion of the most secured programming language that can be used with utmost
efficiency.
Security features in programming language
The need of the security system in the programming platform is very important as the imposers
who want to gain data from the platforms of the programming language. This is the reason that
the processing of data that are present in the database of the application can be approached by the
imposters who are allowed to approach the data. To stop this approach security measures are
taken and hence the importances of security feature are measured.
Java has been leading the course of the programming language in terms of the security of the
platform. Java is termed as one of the most robust platforms in terms of programming platforms
are concerned with.
Java is considered to be more secured than the programming language C/C++. This is due
to the reason that the development of JAVA was done keeping in mind the security features the
programming platform. However, during the processing f the programming languages namely C
and C++ the security of the platform was never the major concern for the programmers who built
the processing of the project. Leading to the fact that the robustness of the JAVA platform is way
You're viewing a preview
Unlock full access by subscribing today!
4SECURITY FEATURES
m ore and higher than these platforms namely C and C++. The package does not matter inn case
of the private data type. The basic security feature of JAVA are as follows: -
ď‚· No use of pointers
ď‚· Exception handling concept
ď‚· Byte code is one of the most important thing that makes the platform very robust
ď‚· Tested Code reusability
ď‚· Access control function
ď‚· Protection from security attacks
ď‚· Garbage collection mechanism
ď‚· Type-safe reference casting in JVM
Background
Buffer Overflow
Buffer overflow occurs when the processing of the data tries to write more that the capacitive
data in the fixed length of block memory. In this case, the buffer, which is out of memory, stops
functioning leading to the fact that the processing of the data also stops. This ensures that the
entire process of buffer is put into hold (Lee, Jeong & Son, 2017). Due t the fact that buffer can
hold only a certain memory, the processing of the data is pre defined and the extra data that is
being hold can overwrite the data values in terms of the processing of the data to the adjacent
memory. This affect leads to the terminology that the data that are perfectly defined with the
usage of the flags, overwrite the data in the data table leading to the fact of string the most recent
data and overwriting the data that is already stored in the data table of the system that is dealing
with this feature.
m ore and higher than these platforms namely C and C++. The package does not matter inn case
of the private data type. The basic security feature of JAVA are as follows: -
ď‚· No use of pointers
ď‚· Exception handling concept
ď‚· Byte code is one of the most important thing that makes the platform very robust
ď‚· Tested Code reusability
ď‚· Access control function
ď‚· Protection from security attacks
ď‚· Garbage collection mechanism
ď‚· Type-safe reference casting in JVM
Background
Buffer Overflow
Buffer overflow occurs when the processing of the data tries to write more that the capacitive
data in the fixed length of block memory. In this case, the buffer, which is out of memory, stops
functioning leading to the fact that the processing of the data also stops. This ensures that the
entire process of buffer is put into hold (Lee, Jeong & Son, 2017). Due t the fact that buffer can
hold only a certain memory, the processing of the data is pre defined and the extra data that is
being hold can overwrite the data values in terms of the processing of the data to the adjacent
memory. This affect leads to the terminology that the data that are perfectly defined with the
usage of the flags, overwrite the data in the data table leading to the fact of string the most recent
data and overwriting the data that is already stored in the data table of the system that is dealing
with this feature.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
5SECURITY FEATURES
Source code
if (!(png_ptr->mode & PNG_HAVE_PLTE)) {
/* Should be an error, but we can cope with it */
png_warning(png_ptr, "Missing PLTE before tRNS");
}
else if (length > (png_uint_32)png_ptr->num_palette) {
png_warning(png_ptr, "Incorrect tRNS chunk length");
png_crc_finish(png_ptr, length);
return;
}
...
png_crc_read(png_ptr, readbuf, (png_size_t)length);
SQL injection
SQL is an application entitled attack based on the processing of the application layer technique
and hackers and imposters to steal data from the organizations by targeting the applications that
re web based use the processing. The verification of the code is the most important terminology
to test the processing of the data.
Source code
String DRIVER = "com.ora.jdbc.Driver";
String DataURL = "jdbc:db://localhost:5112/users";
Source code
if (!(png_ptr->mode & PNG_HAVE_PLTE)) {
/* Should be an error, but we can cope with it */
png_warning(png_ptr, "Missing PLTE before tRNS");
}
else if (length > (png_uint_32)png_ptr->num_palette) {
png_warning(png_ptr, "Incorrect tRNS chunk length");
png_crc_finish(png_ptr, length);
return;
}
...
png_crc_read(png_ptr, readbuf, (png_size_t)length);
SQL injection
SQL is an application entitled attack based on the processing of the application layer technique
and hackers and imposters to steal data from the organizations by targeting the applications that
re web based use the processing. The verification of the code is the most important terminology
to test the processing of the data.
Source code
String DRIVER = "com.ora.jdbc.Driver";
String DataURL = "jdbc:db://localhost:5112/users";
6SECURITY FEATURES
String LOGIN = "admin";
String PASSWORD = "admin123";
Class.forName(DRIVER);
//Make connection to DB
Connection connection = DriverManager.getConnection(DataURL, LOGIN,
PASSWORD);
String Username = request.getParameter("USER"); // From HTTP request
String Password = request.getParameter("PASSWORD"); // From HTTP request
int iUserID = -1;
String sLoggedUser = "";
String sel = "SELECT User_id, Username FROM USERS WHERE Username = '"
+Username + "' AND Password = '" + Password + "'";
Statement selectStatement = connection.createStatement ();
ResultSet resultSet = selectStatement.executeQuery(sel);
String LOGIN = "admin";
String PASSWORD = "admin123";
Class.forName(DRIVER);
//Make connection to DB
Connection connection = DriverManager.getConnection(DataURL, LOGIN,
PASSWORD);
String Username = request.getParameter("USER"); // From HTTP request
String Password = request.getParameter("PASSWORD"); // From HTTP request
int iUserID = -1;
String sLoggedUser = "";
String sel = "SELECT User_id, Username FROM USERS WHERE Username = '"
+Username + "' AND Password = '" + Password + "'";
Statement selectStatement = connection.createStatement ();
ResultSet resultSet = selectStatement.executeQuery(sel);
You're viewing a preview
Unlock full access by subscribing today!
7SECURITY FEATURES
if (resultSet.next()) {
iUserID = resultSet.getInt(1);
sLoggedUser = resultSet.getString(2);
}
PrintWriter writer = response.getWriter ();
if (iUserID >= 0) {
writer.println ("User logged in: " + sLoggedUser);
} else {
writer.println ("Access Denied!")
}
JAVA security features
ď‚· JAVA security model consists of the processing of the data that intend to help the users
for the processing of the entrusted resource using the sand box technology. This feature
helps the JAVA feature to run inside the sand box and the processing is maintained for
the processing of the reading and writing of the local disk (Bouffard & Lanet, 2015).
ď‚· Type safe casting in JVM includes the fact that the processing of the data that are
referenced are monitored intensively by the JVM, leading to the fact that the processing
if (resultSet.next()) {
iUserID = resultSet.getInt(1);
sLoggedUser = resultSet.getString(2);
}
PrintWriter writer = response.getWriter ();
if (iUserID >= 0) {
writer.println ("User logged in: " + sLoggedUser);
} else {
writer.println ("Access Denied!")
}
JAVA security features
ď‚· JAVA security model consists of the processing of the data that intend to help the users
for the processing of the entrusted resource using the sand box technology. This feature
helps the JAVA feature to run inside the sand box and the processing is maintained for
the processing of the reading and writing of the local disk (Bouffard & Lanet, 2015).
ď‚· Type safe casting in JVM includes the fact that the processing of the data that are
referenced are monitored intensively by the JVM, leading to the fact that the processing
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
8SECURITY FEATURES
of the JVM will ensure the fact that the data management will get cast invalid in terms of
the processing of the data will be cast invalid. Structured error handling also plays an
important role in the processing of the JVM
ď‚· The program that is binary in nature RUNS ON THE java PPLATFORM with the help of
the generation of the decode. This ensures the affect that the generating of the byte code
will be intermediate in nature. The JVM performs the verification if the byte code before
running the become to prevent the program to run unsafe data. This fact ensures the
processing of the data management and run time constrains namely bound checking and
memory safety (Bouffard & Lanet, 2015).
ď‚· The JAVA class library deals with the methodology that the processing of the JAVA
class library provide a huge number of API related security in terms of the processing of
the cryptographic algorithms and authentication of the secured communication protocol.
ď‚· Tested code reusability ensures the encapsulation of the data that is under the transaction
process and support is provided for the concept of the programming by contract. Thus
factor allows the developers to re use the code which has already been tested during the
developing of the JAVA enterprise system
Vulnerabilities
ď‚· Executing a dynamically generated code is the most common vulnerability that affects
several places. The developers are also aware of this vulnerability leading to the fact that
the processing of the SQL injection attacks takes place (Lancia & Bouffard, 2015).
ď‚· Directly writing an HTTP parameter to servlet output brings reflected, cross-site scripting
vulnerability. This process occurs when the manifest of the attack gets injected and the
of the JVM will ensure the fact that the data management will get cast invalid in terms of
the processing of the data will be cast invalid. Structured error handling also plays an
important role in the processing of the JVM
ď‚· The program that is binary in nature RUNS ON THE java PPLATFORM with the help of
the generation of the decode. This ensures the affect that the generating of the byte code
will be intermediate in nature. The JVM performs the verification if the byte code before
running the become to prevent the program to run unsafe data. This fact ensures the
processing of the data management and run time constrains namely bound checking and
memory safety (Bouffard & Lanet, 2015).
ď‚· The JAVA class library deals with the methodology that the processing of the JAVA
class library provide a huge number of API related security in terms of the processing of
the cryptographic algorithms and authentication of the secured communication protocol.
ď‚· Tested code reusability ensures the encapsulation of the data that is under the transaction
process and support is provided for the concept of the programming by contract. Thus
factor allows the developers to re use the code which has already been tested during the
developing of the JAVA enterprise system
Vulnerabilities
ď‚· Executing a dynamically generated code is the most common vulnerability that affects
several places. The developers are also aware of this vulnerability leading to the fact that
the processing of the SQL injection attacks takes place (Lancia & Bouffard, 2015).
ď‚· Directly writing an HTTP parameter to servlet output brings reflected, cross-site scripting
vulnerability. This process occurs when the manifest of the attack gets injected and the
9SECURITY FEATURES
processing is within the single HTTP code. This leads to the malicious crafted links to the
processing of the victims (Dubey & Misra, 2016).
C vs C++ vs JAVA
This fact van also be proven with the number f rules each platform has. The number if rules for
JAVA is 168 and these are the rules that are required for the processing of the programming
language with proper efficiency. These rules act as the pebble for the processing of the platform.
These rules are must follow as the processing of the platform is due to the fact that the rules it
possess is very robust in nature (Bayer & Reich, 2017). This feature if the rule of the platform
being robust in nature takes into consideration the fact that the data processing in the platform of
JAVA is also very robust in nature. This includes the fact that the data processing that is done
stays secure and the framework which is very robust in nature is responsible for the security of
the data in the platform. This fact ensures that the processing of the data in this platform will
process the entre code, store the code that is being run and take a back up of the same code and
then start evaluating the coed. The major factors that make java more robust and more secured
than other computing languages are the properties like inheritance and encapsulation. Inheritance
is a process by which the properties one class is inherited by another class in java (Singh, 2014).
This aspect helps in keeping a back up of the data that is once produced during the processing of
data. This fact ensures that the data processing will be done with the help of the back up that is
one of the vital characteristics of java. In this feature, objects are created ;leading to the fact that
the objects of one class is inherited by other classes which acts as the major reason for the
processing of the back up of the data. This objects can be inherited by any lass until the object is
private in nature. The diversion of the platform in terms of default, public and private also
processing is within the single HTTP code. This leads to the malicious crafted links to the
processing of the victims (Dubey & Misra, 2016).
C vs C++ vs JAVA
This fact van also be proven with the number f rules each platform has. The number if rules for
JAVA is 168 and these are the rules that are required for the processing of the programming
language with proper efficiency. These rules act as the pebble for the processing of the platform.
These rules are must follow as the processing of the platform is due to the fact that the rules it
possess is very robust in nature (Bayer & Reich, 2017). This feature if the rule of the platform
being robust in nature takes into consideration the fact that the data processing in the platform of
JAVA is also very robust in nature. This includes the fact that the data processing that is done
stays secure and the framework which is very robust in nature is responsible for the security of
the data in the platform. This fact ensures that the processing of the data in this platform will
process the entre code, store the code that is being run and take a back up of the same code and
then start evaluating the coed. The major factors that make java more robust and more secured
than other computing languages are the properties like inheritance and encapsulation. Inheritance
is a process by which the properties one class is inherited by another class in java (Singh, 2014).
This aspect helps in keeping a back up of the data that is once produced during the processing of
data. This fact ensures that the data processing will be done with the help of the back up that is
one of the vital characteristics of java. In this feature, objects are created ;leading to the fact that
the objects of one class is inherited by other classes which acts as the major reason for the
processing of the back up of the data. This objects can be inherited by any lass until the object is
private in nature. The diversion of the platform in terms of default, public and private also
You're viewing a preview
Unlock full access by subscribing today!
10SECURITY FEATURES
ensures the fact that the data processing is much more secured in the processing of the data. This
fact ensures that the data that is default in nature can be approached and inherited by other
classes of same type by the classes that are different in type cannot access the data that are
default in nature. The data that are public in nature can be approached by the processing of the
classes that re of its type and the classes that re not of its type and in case of private data type the
data can not be accessed by the processing of the other classes. These features are not present in
C and C++ (Dwivedi & Rath, 2015). The feature of pointer of C and C++ that used for the
addressing purpose is not present in JAVA. JAVA is a platform independent language unlike C.
Conclusion
From the above report it can be can be concluded that JAVA is one of the most secured
language, taking into consideration the features of the other high level languages including the
other high level programming languages. This fact ensures that the usage of JAVA is very
efficient in nature and the processing ensures that the data processing is secured in nature too.
Despite the high security provided by the platform of JAVA, ASP provides more robustness as
only 15% vulnerability is found till date regarding the processing of the ASP. Hence ASP will
act to be a better language than JAVA in terms of security, hence use of ASP is highly
recommended.
ensures the fact that the data processing is much more secured in the processing of the data. This
fact ensures that the data that is default in nature can be approached and inherited by other
classes of same type by the classes that are different in type cannot access the data that are
default in nature. The data that are public in nature can be approached by the processing of the
classes that re of its type and the classes that re not of its type and in case of private data type the
data can not be accessed by the processing of the other classes. These features are not present in
C and C++ (Dwivedi & Rath, 2015). The feature of pointer of C and C++ that used for the
addressing purpose is not present in JAVA. JAVA is a platform independent language unlike C.
Conclusion
From the above report it can be can be concluded that JAVA is one of the most secured
language, taking into consideration the features of the other high level languages including the
other high level programming languages. This fact ensures that the usage of JAVA is very
efficient in nature and the processing ensures that the data processing is secured in nature too.
Despite the high security provided by the platform of JAVA, ASP provides more robustness as
only 15% vulnerability is found till date regarding the processing of the ASP. Hence ASP will
act to be a better language than JAVA in terms of security, hence use of ASP is highly
recommended.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
11SECURITY FEATURES
Reference
Dwivedi, A. K., & Rath, S. K. (2015). Incorporating security features in service-oriented
architecture using security patterns. ACM SIGSOFT Software Engineering Notes, 40(1),
1-6.
Singh, R. (2014). An Overview of Android Operating System and Its Security. Int. Journal of
Engineering Research and Applications, 4(2), 519-521.
Bayer, T., & Reich, C. (2017). Security of mobile agents in distributed java agent development
framework (JADE) platforms.
Dubey, A., & Misra, A. (2016). Android security: attacks and defenses. Auerbach Publications.
Dumoulin, C., Franciscus, G., & Husted, T. (2017). Struts in Action Building web applications
with the leading Java framework. Manning Publications Co..
Devi, T., & Ganesan, R. (2015). Platform-as-a-Service (PaaS): Model and Security
Issues. International Journal of Advances in Applied Sciences, 4(1), 13-23.
Lancia, J., & Bouffard, G. (2015, November). Java card virtual machine compromising from a
bytecode verified applet. In International Conference on Smart Card Research and
Advanced Applications (pp. 75-88). Springer, Cham.
Aafer, Y., Zhang, X., & Du, W. (2016, August). Harvesting Inconsistent Security Configurations
in Custom Android ROMs via Differential Analysis. In USENIX Security Symposium (pp.
1153-1168).
Reference
Dwivedi, A. K., & Rath, S. K. (2015). Incorporating security features in service-oriented
architecture using security patterns. ACM SIGSOFT Software Engineering Notes, 40(1),
1-6.
Singh, R. (2014). An Overview of Android Operating System and Its Security. Int. Journal of
Engineering Research and Applications, 4(2), 519-521.
Bayer, T., & Reich, C. (2017). Security of mobile agents in distributed java agent development
framework (JADE) platforms.
Dubey, A., & Misra, A. (2016). Android security: attacks and defenses. Auerbach Publications.
Dumoulin, C., Franciscus, G., & Husted, T. (2017). Struts in Action Building web applications
with the leading Java framework. Manning Publications Co..
Devi, T., & Ganesan, R. (2015). Platform-as-a-Service (PaaS): Model and Security
Issues. International Journal of Advances in Applied Sciences, 4(1), 13-23.
Lancia, J., & Bouffard, G. (2015, November). Java card virtual machine compromising from a
bytecode verified applet. In International Conference on Smart Card Research and
Advanced Applications (pp. 75-88). Springer, Cham.
Aafer, Y., Zhang, X., & Du, W. (2016, August). Harvesting Inconsistent Security Configurations
in Custom Android ROMs via Differential Analysis. In USENIX Security Symposium (pp.
1153-1168).
12SECURITY FEATURES
Amin, N., & Tate, R. (2016, October). Java and scala's type systems are unsound: the existential
crisis of null pointers. In Proceedings of the 2016 ACM SIGPLAN International
Conference on Object-Oriented Programming, Systems, Languages, and
Applications (pp. 838-848). ACM.
Bouffard, G., & Lanet, J. L. (2015). The ultimate control flow transfer in a Java based smart
card. Computers & Security, 50, 33-46.
Jain, S., Vaibhav, A., & Goyal, L. (2014, February). Raspberry Pi based interactive home
automation system through E-mail. In Optimization, Reliabilty, and Information
Technology (ICROIT), 2014 International Conference on (pp. 277-280). IEEE.
Mesbah, A., Lanet, J. L., & Mezghiche, M. (2017). Reverse engineering a Java Card memory
management algorithm. computers & security, 66, 97-114.
Lee, Y., Jeong, J., & Son, Y. (2017). Design and implementation of the secure compiler and
virtual machine for developing secure IoT services. Future Generation Computer
Systems, 76, 350-357.
Amin, N., & Tate, R. (2016, October). Java and scala's type systems are unsound: the existential
crisis of null pointers. In Proceedings of the 2016 ACM SIGPLAN International
Conference on Object-Oriented Programming, Systems, Languages, and
Applications (pp. 838-848). ACM.
Bouffard, G., & Lanet, J. L. (2015). The ultimate control flow transfer in a Java based smart
card. Computers & Security, 50, 33-46.
Jain, S., Vaibhav, A., & Goyal, L. (2014, February). Raspberry Pi based interactive home
automation system through E-mail. In Optimization, Reliabilty, and Information
Technology (ICROIT), 2014 International Conference on (pp. 277-280). IEEE.
Mesbah, A., Lanet, J. L., & Mezghiche, M. (2017). Reverse engineering a Java Card memory
management algorithm. computers & security, 66, 97-114.
Lee, Y., Jeong, J., & Son, Y. (2017). Design and implementation of the secure compiler and
virtual machine for developing secure IoT services. Future Generation Computer
Systems, 76, 350-357.
You're viewing a preview
Unlock full access by subscribing today!
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.