Thursday, November 1, 2007

Why This Blog ?

Developing modern enterprise web applications has become an increasingly complex process. Developers therefore have to continuously embrace new technologies and frameworks to keep up. But every new technology also opens new avenues that an attacker might exploit.

OWASP, for example, lists no less than 500 common web application vulnerabilities on its website. From a security professional's perspective, most of these threats are well understood and documented. But when it comes to implementing adequate countermeasures in a J2EE application, the available information is mostly about authentication and authorization. Most vulnerabilities, however, are not related to either of these topics at all, but to session management and, even more so, to data validation.

This is why I had the idea to start this blog: to discuss common vulnerabilities and countermeasures, but also technologies and ideas for securing J2EE/Java EE web applications. I hope you will find this blog interesting and useful for your daily work.

About Me

I started as a software developer nearly nine years ago. At first I was writing web applications with PHP, and later with ASP.NET and J2EE. I now work as a security consultant. Most of the time I am busy conducting security assessments (pentests) and trainings, and working on a couple of J2EE projects.