CERIAS Hotlist
- Active-X
Here you may find some of the malicious controls which use the security flaws in ActiveX.
These controls were developed for Windows95.
http://www.thur.de/~steffen/activex/index_e.html - Added Dec 10, 1999
- Cigital, Inc.
Cigital helps commercial and government clients assure software quality and improve software development processes. Our Software Quality Management (SQM) solutions drive down the cost of deploying quality software and ensuring software reliability, security and performance. Cigital's expert consultants measure software quality by combining proprietary methodologies, tools and knowledge to perform full-lifecycle testing via a risk management framework. These metrics are used to drive application readiness decisions and identify the most cost-effective areas for software process improvement. Founded in 1992, Cigital (www.cigital.com) is headquartered in Northern Virginia with additional offices in Boston.
http://www.cigital.com - Added Feb 27, 2004
- Deadly Black Widow on the Web: Her Name is Java
http://www.westol.com/~informer/guide/java.html - Added Jun 11, 2003
- Digital Espresso
http://www.mentorsoft.com/DE/ - Added Jun 11, 2003
- Finjan Safe Surfing, The Java Security Software Provider
First-Strike Security™
A "first strike" is the first time a new
malicious code attack is launched.
http://www.finjan.com/ - Added Dec 10, 1999
- Java Developer's Journal
http://www.javadevelopersjournal.com/java/ - Added Jun 11, 2003
- Java FAQ Archives
Links to over 20 Java FAQs
http://www.www-net.com/java/faq/ - Added Jun 11, 2003
- Java Homepage
http://java.sun.com - Added Jun 11, 2003
- Java Security
Newsletters on Java Security Issues.
http://java.sun.com/security/ - Added Dec 10, 1999
- Java Security
by Joseph A. Bank
http://swissnet.ai.mit.edu/~jbank/javapaper/javapaper.html - Added Jun 11, 2003
- Java Security FAQ
http://java.sun.com/sfaq/index.html - Added Jun 11, 2003
- Java Security FAQ
The Unofficial Answers from the Princeton Secure Internet Programming Team
http://www.cs.princeton.edu/sip/faq/java-faq.php3 - Added Jun 11, 2003
- Java Security FAQ at Princeton
FAQs about Java Security answered by the CS department at Princeton.
http://www.cs.princeton.edu/sip/faq/java-faq.php3 - Added Dec 10, 1999
- Java Security Research
by Princeton's SIP Team; contains links to their different areas of research in Java security, including security analysis of Java, programming language support for security, and browser security.
http://www.cs.princeton.edu/sip/java/ - Added Jun 11, 2003
- Java Security Risk
Researchers at Princeton's Computer Science Department and elsewhere have announced a major security exposure for all users
running Java-enabled versions of Netscape's Navigator Web browser, Sun's HotJava Web Browser, and various
implementations of
http://www.princeton.edu/Announce/secbug.html - Added Dec 10, 1999
- Java Security Risk
A major security exposure for all users running Java-enabled versions of Netscape's Navigator Web browser, Sun's HotJava Web Browser, and various implementations of Java developer software based on Sun's JDK.
http://www.princeton.edu/Announce/secbug.html - Added Jun 11, 2003
- Java Security, Denial of Service
http://java.sun.com/sfaq/denialOfService.html - Added Jun 11, 2003
- Java Security: From HotJava to Netscape and Beyond
by Drew Dean, Edward W. Felten, and Dan S. Wallach
http://www.cs.princeton.edu/sip/pub/secure96.html - Added Jun 11, 2003
- Java versus ActiveX
The debate of whether ActiveX or Java is the way to develop Internet solutions
is a misunderstanding of the terms and the technologies they represent. Rather
than one or the othe
http://www.cigital.com/presentations/sec-arch/tsld051.htm - Added Dec 10, 1999
- Java White Papers
http://java.sun.com/docs/white/index.html - Added Jun 11, 2003
- Java World
IDG's magazine for the Java Community
http://www.javaworld.com - Added Jun 11, 2003
- JavaScript Problems I've Reported
John LoVerso's web page about his discoveries of JavaScript problems.
http://www.schooner.com/~loverso/javascript/ - Added Dec 10, 1999
- jotp, The java OTP (aka S/Key) calculator
An OTP one-time password is calculated by combining a seed with a secret password known only to the user, and then repeatedly
applying either the MD4 or MD5 secure hash algorithms a number of times equal to the sequence number. Each time the user is
http://www.cs.umd.edu/~harry/jotp/ - Added Dec 10, 1999
- Low Level Security in Java
http://java.sun.com/sfaq/verifier.html - Added Jun 11, 2003
- Secure Internet Programming News
This page reports on security flaws in commercially available software. For more information about
any of these items, contact Edward Felten.
http://www.cs.princeton.edu/sip/history/ - Added Dec 10, 1999
- Security for Extensible Systems
Security concerns raised by extensible systems, such as Java or SPIN, are discussed here.
http://www.cs.nyu.edu/rgrimm//research/security.html - Added Jun 11, 2003
- SIP News
Princeton Secure Internet Programming Team's security flaw announcements
http://www.cs.princeton.edu/sip/history/ - Added Jun 11, 2003
- The comp.lang.java FAQ List
Comprehensive FAQ with a small section on security
http://www.ibiblio.org/javafaq/javafaq.html - Added Jun 11, 2003
- The Java Security FAQ
Frequently Asked Questions - Java Security
http://java.sun.com/sfaq/ - Added Dec 10, 1999
- The Java Security Hotlist
A hotlist containing links to books, researchers, FAQs, papers, etc. pertaining to Java Security.
http://www.cigital.com/javasecurity/links.html - Added Dec 10, 1999
- The Java Tutorial
http://java.sun.com/docs/books/tutorial/ - Added Jun 11, 2003