Introduction

This site provides a comprehensive list of resources associated with security in Java. The list is divided into sections to make finding information easier. Much of the information presented here is also available at the COAST Archive.

The Top Ten Sites List provides the most comprehensive sites available on security in Java. If you are looking to find the most thorough resources or the "official" information on security in Java, check these sites first.


  • The JavaSoft Home Page
  • Java Security FAQ by JavaSoft
  • Digital Espresso, a weekly summary in web form of the traffic appearing in the Java mailing lists and news groups (link removed)

  • Publications

    Reports and Guides

    • The JavaSoft Home Page - need I say more?
    • Java bibliography - almost 1500 entries! Books, articles, periodicals, proceedings, master's theses, etc., about Java, in BibTeX format.
    • SIP News - Princeton Secure Internet Programming Team's security flaw announcements
    • Java Security Risk - A major security exposure for all users running Java-enabled versions of Netscape's Navigator Web browser, Sun's HotJava Web Browser, and various implementations of Java developer software based on Sun's JDK. (link removed)
    • Enhancements in Netscape Navigator 2.02 - Java related enhancements for Netscape Navigator 2.02 (link removed)
    • Java Security - contains Java security-related links (link removed)
    • Collection of Increasingly Hostile Applets - an interesting and popular page with source code for hostile applets; proceed with caution! (link removed)
    • Java Security, Denial of Service (5/10/96)
    • Java Applet Security: Sockets (5/7/96) (link removed)
    • Security - How is it Implemented in the Java language? by Wei Wang, Yi yan, and Lu Zang (link removed)
    • Chuck McManis' Java stuff (link removed)
    • Designing Secure Systems In Java by Chuck McManis, FreeGate Inc. (link removed)
    • CERT Advisory CA-96.05 (link removed), Java Implementations Can Allow Connections to an Arbitrary Host
    • Java Security (link removed)
    • JavaSoft's Java Security (link removed)
    • Security and Signed Applets (link removed)
    • Java Security API Overview
    • Java Cryptography Architecture API Specification & Reference (link removed)
    • The Navigator Java Environment: Current Security Issues (link removed)
    • Java InSecurity (link removed), a page maintained by Patricia Evans, contains a few security announcements

    Papers

    Articles

    • Bug in Java Security Enables Malicious Applets to Attack by Tova Fliegel (2/26/96) (link removed)
    • Yes, Java's Secure. Here's Why by Laura Lemay & Charles Perkins (link removed)
    • Security, an Introduction for Java Programmers - Become a more effective developer by knowing security concepts. By Jay Heiser, 2/20/97 (link removed)
    • Deadly Black Widow on the Web: Her Name is JAVA (5/5/96)
    • Black Widows and Evil Worms by Christopher Barr (5/27/96) (link removed)
    • Java Security, Take Two by Christopher Barr (6/10/96) (link removed)

    Periodicals

    • Java World - IDG's magazine for the Java Community
    • Java Developer's Journal (link removed)

    Books & Book Information


    Research

    • Blocking Java Applets at the Firewall, by David Martin, S. Rajagopalan, and Avi Rubin. (link removed)
    • Web Graffiti & High Bandwidth Covert Channels Using Java, work in progress (link removed)
    • Java Security Research by Princeton's SIP Team, contains links to their different areas of research in Java security, including security analysis of Java, programming language support for security, and browser security.
    • Java Security Research at Reliable Software Technologies (link removed)
    • Java Security at U.C. Davis - includes information on research involving classifying the various vulnerabilities in Java, as well as pointers to pages relevant to Java security. (link removed)
    • Lava is an architecture to facilitate the secure delegation of mobile applets within the context of the Java environment. This link provides a postscript version of the thesis draft for this work. (link removed)
    • Security for Extensible Systems - Security concerns raised by extensible systems, such as Java or SPIN, are discussed here (link removed)

    Products & Vendors

    • SurfinShield Xtra and SurfinGate by Finjan Software Company
    • Deep Cover - Reliable Software Technologies' Java coverage tool that is helpful during testing (a key aspect of security)
    • Java Security: Managing The Risks, a multimedia tutorial on Java Security from MindQs Publishing Inc. (link removed)

    Testing

    • Deep Cover - Reliable Software Technologies' Java coverage tool that is helpful during testing (a key aspect of security)

    Tools


    Newsgroups & Bulletins

    • Digital Espresso, a weekly summary in web form of the traffic appearing in the Java mailing lists and news groups
    • Java News - provides links to the latest Java-related news from online news sources such as magazines, press releases, etc., for topics such as Java development environments, Java industry support, Java porting efforts, security flaws, etc. (link removed)
    • JavaSoft Forum 1.1 (link removed)
    • JavaSoft Forum 1.0.2 (link removed)
    • JavaSoft Forum 1.0.1 (link removed)
    • JavaSoft Forum 1.0.0 (link removed)
    • comp.lang.java.security (link removed)

    Frequently Asked Questions (FAQ)



    Credits for this Topic Page