This is a whitepaper discussing insecure authentication control in J2EE implemented using sendRedirect().
This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.
Whitepaper called Dissecting Java Server Faces for Penetration Testing. The paper is divided into two parts. The first part discusses the internals of JSF, a Java-based web application framework, and its inherent security model. The second part discusses the security weaknesses and applied security features in JSF. The authors also flag the security issues present in JSF in order to support effective penetration testing.
Whitepaper called EvilQR – When QR Code Goes Bad. This is a security assessment of mobile QR readers.
Brief whitepaper discussing security improvements that should be implemented in JBoss application server installations.
Whitepaper called JBoss Application Server - Deploying WARs with the DeploymentFileRepository MBean. It explains how to deploy WAR files with the DeploymentFileRepository MBean and how this is even possible with Cross Site Request Forgery (CSRF).
Whitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique.
Whitepaper entitled Cracking String Encrypting in Java Obfuscated Bytecode.
Accessing Java Clients with the BeanShell. This whitepaper goes into detail discussing the assessment of Java applications utilizing the BeanShell.
Blocking Java Applets at the Firewall. Discussion about blocking hostile applets at firewalls.
Java is not type-safe.
The Security of Static Typing with Dynamic Linking.
A Comparison between Java and ActiveX Security.
Foresight Computer Security Fact Forum. Discussion of the Java Security Model.
Defensive Java Virtual Machine Version 0.5 alpha Release. Built in ACL2.
Experience with Secure Multi-Processing in Java.
Software Assurance for Security.
One of the first papers presented on Java Security.
Work on the Java Type System.
Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2.
Implementing Protection Domains in the Java Development Kit 1.2.
Java Security: Weaknesses and Solutions. Early paper on Java security and problems in the VM.
Mobile Code Bibliography. A collection of mobile code publications.
Security Breaches in the JDK 1.1 beta 2 security API.
Java Security: From HotJava to Netscape and Beyond. A classic paper on the security of Java.