
SecurityComponents

Razvan Deaconescu edited this page Jun 7, 2019 · 2 revisions

Security Components

Java provides security APIs and components to ensure confidentiality, integrity and access control for its applications. These are not meant to be exhaustive, nor do they provide all the steps required to prevent attacks. The careful developer will program with security in mind, will use these components and will work with system components as well (sandboxing, access permissions, hardening).

One needs a good understanding of these components when designing a Java application with security in mind.

Concepts

random numbers, random number generators

key generation, encryption, hashing

secure communication, SSLSocket

code signing and verification

access control, Java Security Manager

Tasks

Random Numbers

Enter the 10-secure-components/random-numbers/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it. Run the program multiple times to see the "bad" behavior.

Based on MSC02.
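
The behavior MSC02 (generate strong random numbers) warns about, shown as an added example that is not the code from the repository's random-numbers/ subfolder: the same token routine is fed first a java.util.Random with a fixed seed, then a SecureRandom. The class name, the seed 123L and the 16-byte token size are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;

public class RandomTokenDemo {
    // Constructed value: stands in for any constant or guessable seed.
    private static final long FIXED_SEED = 123L;

    // Builds a 128-bit token from whatever generator it is given.
    // SecureRandom extends Random, so the fix is a drop-in replacement.
    static String token(Random rng) {
        byte[] buf = new byte[16];
        rng.nextBytes(buf);
        StringBuilder sb = new StringBuilder(buf.length * 2);
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Set<String> weak = new HashSet<>();
        Set<String> strong = new HashSet<>();

        // Each iteration simulates a fresh run of the program.
        for (int run = 1; run <= 3; run++) {
            // Weak: java.util.Random is a linear congruential generator,
            // so its whole output stream is fixed by the seed.
            String w = token(new Random(FIXED_SEED));
            // Hardened: SecureRandom seeds itself from the platform's
            // entropy source; no seed is supplied by the application.
            String s = token(new SecureRandom());
            weak.add(w);
            strong.add(s);
            System.out.printf("run %d  weak=%s  strong=%s%n", run, w, s);
        }

        // Repeated tokens show up as a set smaller than the run count.
        System.out.println("distinct weak tokens:   " + weak.size());
        System.out.println("distinct strong tokens: " + strong.size());
    }
}
```

Compile and run with `javac RandomTokenDemo.java && java RandomTokenDemo`, then compare the weak column across the three runs with the strong column.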

SSLSocket

Enter the 10-secure-components/socket/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it. Use Wireshark or tcpdump to see network traffic on the network interface. As we are using localhost, inspect the lo virtual network interface (loopback).

Based on MSC00.

Key Generation

Go here and create a program that generates a digital signature.

Code Signing

Go here and create a program (.jar file), then perform code signing and code verification on it.
