Posts Tagged ‘Java’

Using Enum Pattern in Java < 1.5

Tuesday, December 16th, 2008

Subscribe To Our Feed | Follow Us On Twitter | Get Updates on Email

Alright!!! Let’s get started. This is one of many subjects which always overwhelms me. Why so? Ofcourse, the reasons can not be explained here but then, the reason should be the least of your worries.

Okay, if you know enough about this, then please post your knowledge tips as comments because your comments might help towards my unexplained reasons.

You may find similar information on other websites but then, it’s a wild world and I am not intending to infringe any copyrights.

Now to begin with, let’s first understand how to evaluate the performance of java code and protect the java code from tainted objects. We’ve already talked about Tainted Object Propagation in my previous post in context with databases. now, it is in context with application code.

I’ll explain this with an example of enum pattern.

We can have enums in Java in two ways. Continue for detailed reading

© Safer Code | Using Enum Pattern in Java < 1.5

Liked this post? Get FREE Updates
Subscribe to RSS feed

Or
Enter Your E-mail ID below

Tags: , , , , , , , , , ,
Posted in General, Java, Security | 1 Comment »

Tainted Object Propagation

Monday, December 8th, 2008

Subscribe To Our Feed | Follow Us On Twitter | Get Updates on Email

Basically, Tainted Object Propagation is the term defined for using incorrect or invalid inputs to get more than required information from the system and in some cases, taking control of the system. Although this technique is much widely used to misuse web applications and database oriented applications, but this holds true for any API publisher who exposes his API’s to third party application writers.

Again, just like previous post, Let’s start with an example.

Consider that a web page or an application takes an input “userName” and the application executes the following query to find that particular user.

HttpServletRequest request = ...;
String userName = request.getParameter("name");
Connection con = ...
String query = "SELECT * FROM Users " + " WHERE name = ’" + userName + "’";
con.execute(query);

Now, this is the usual code written by programmers to get the particular from the database. Now, if an attacker gets the control of the userName field, he can set it to ‘OR 1=1; This query allows the user to circumvent user name check and returns all the users from the database. In this case, the input variable “userName” is considered as Tainted Object.

Continue Reading

© Safer Code | Tainted Object Propagation

Liked this post? Get FREE Updates
Subscribe to RSS feed

Or
Enter Your E-mail ID below

Tags: , , , , , , ,
Posted in General, Java, Security | 4 Comments »

And So It Begins…

Tuesday, October 14th, 2008

Subscribe To Our Feed | Follow Us On Twitter | Get Updates on Email

Thousands of sites around the interwebs are devoted to programming and producing code. But there is something missing. This “something” is actually the most important piece of the puzzle. This piece is about how “safe” and “efficient” your code is. There are programmers all over, but a very small minority is worried about finding all the loopholes in their code. Infact, most don’t even know there could be loopholes even as they start writing their program (more on this very soon ;) ). And many times, you’d see people creating a jet fighter for something that could be solved with a bicycle (although the pace would be vice-versa).

The problem here is that there are many things that are not taught in the schools, the knowledge might be out there on the internet, but either it is fuzzy, not properly explained or is plagued by just too much of information overload. You cannot imagine yourself (and everyone else around you) to sit in a week-long class and emerge a champion programmer. It has to seep in gradually.

So, this is an attempt to solve the problem. We’ll bring you the concepts to make your code a fortress. We’ll bring them at a gradual pace that gives you time to learn, understand, ask questions and imbibe them into your daily routines. The problems and solutions would range from the very basics and trivia to the most advanced. We’d concentrate mostly on examples through C/C++ with a bit of JAVA and others interspersed here and there when needed but most concepts learned could be as well applied to any language. We’ll not tell you how to program, we assume you already know, but we’ll tell you how to program efficiently and securely.

So, if you are a college goer, or a fresher just into the corporate world, or an experienced professional, we have something for you all, to make you so capable that you can take a running program and re-write it so that it runs for years without crashing, being exploited to death, or taking a ton of memory or cycles.

Enough talking now. As Linus once said “Talk is cheap. Show me the code.”. So, lets begin…

© Safer Code | And So It Begins…

Liked this post? Get FREE Updates
Subscribe to RSS feed

Or
Enter Your E-mail ID below

Tags: , , , , , , , , , , ,
Posted in General | No Comments »