Trying to figure out what is new in Java is much like trying to follow a cat: it goes wherever it wants and digs into whatever crosses its path. The same goes for Java, which now appears to be fully embedded in mobile, cloud and related platforms.
What we are trying to do here is to identify the most visible directions Java is likely to take in 2013.
Oracle now controls Java in almost every respect. This means application developers will soon have to cope not only with Java's own bugs but with Oracle's questionable design decisions as well, and that is something to prepare for now. Java's credibility has also been severely damaged by the security flaws that surfaced in Java 7, which led a large number of users to disable Java altogether.
We have to admit that the traditional ways of securing an application, such as network firewalls, are no longer enough on their own: a firewall passes HTTP traffic through to the application, so flaws in the application's own code are exposed regardless. At the same time more and more users rely on web applications, and these are what must be defended properly. Let's look at the best ways to secure a web application.
The strategy will depend mostly on the structure and architecture of the application in question. Remember to test every defence you put in place.
The approach is entirely language-agnostic: the same classes of flaw, and the same countermeasures, apply whatever language the application is written in.
The best fit for application developers and defenders is the well-known SANS course DEV522: Defending Web Applications Security Essentials.
Here is the list of the main topics it covers:
- Application language configuration
- Application coding errors such as SQL injection and cross-site scripting
- Infrastructure Security
- Server Configuration
- Authentication Bypass
- Web services and related flaws
- Authentication mechanisms
- XPath and XQuery injection
- Business logic flaws
- Cross-Site Request Forgery (CSRF)
- Web 2.0 and its use of web services
- Protective HTTP Headers
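As an added illustration of three items from the list (SQL injection, cross-site scripting and cross-site request forgery), not part of the original post or of the course material, here is a small Python script that puts the vulnerable form of each beside its hardened form. Since the course is language-agnostic, Python's built-in sqlite3 in-memory database stands in for whatever SQL backend a real application uses; the accounts, the attacker input and the plaintext password column are constructed for the demo only (a real application would store password hashes).

```python
import hmac
import html
import secrets
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table with two accounts.
    Plaintext passwords are for the demo only; real code stores hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """SQL injection: request parameters are spliced into the query text,
    so a username of  alice' --  comments out the password check."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Parameterised query: the driver binds the values as data, so
    quotes and comment markers in them never reach the SQL parser."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def greeting_vulnerable(name):
    """Reflected XSS: the user-supplied name is written into HTML verbatim."""
    return "<p>Hello, %s</p>" % name


def greeting_hardened(name):
    """Output encoding: <, >, &, ' and " become entities, so the browser
    renders the name as text instead of parsing it as markup."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def issue_csrf_token():
    """Per-session random secret to embed in forms; the server keeps a copy."""
    return secrets.token_hex(16)


def csrf_token_valid(session_token, submitted_token):
    """CSRF check: the token posted with the form must match the one tied
    to the session. A cross-site attacker cannot read the victim's token,
    so a forged request arrives without it (or with a wrong one).
    compare_digest avoids leaking the match position through timing."""
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


if __name__ == "__main__":
    conn = make_db()
    attacker = ("alice' --", "wrong-password")   # constructed attacker input
    print("vulnerable login:", login_vulnerable(conn, *attacker))
    print("hardened login:  ", login_hardened(conn, *attacker))
    payload = "<script>alert(1)</script>"
    print(greeting_vulnerable(payload))
    print(greeting_hardened(payload))
    token = issue_csrf_token()
    print("same token ok:  ", csrf_token_valid(token, token))
    print("forged request: ", csrf_token_valid(token, "0" * 32))
```

Run it as a script to see the vulnerable login accept the injected username while the parameterised one rejects it; the same pattern (bind data, encode output, tie state-changing requests to a secret the attacker cannot read) carries over unchanged to Java's PreparedStatement, an HTML-encoding library and a framework's CSRF filter.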