Developing security applications with Java

How can I develop a security application using Java, and what features can I give to my application through it? Are there any other tools I can use to develop security applications?


Like many questions on how to do something, it's hard to know how to answer, because I really don't know what you're trying to do. So let me help as best as I can.

Java is a marvelous language for writing security applications in. While Java gets more press for being a client-application language (like Java applets in Web browsers), it's much better as a *server* development language.

Java offers some features that make for writing good security systems. In particular, threading is built into the language. Java also has a garbage collector and checks all memory references for arrays, strings and the like.

These features come at a performance cost, but they may be worth it. Software engineering mavens estimate that one-third of all bugs come from improper memory allocation and de-allocation and that another third come from buffer overflows. Eliminating those bugs is worth a lot.

As a side note, I'll mention that you can still run off the end of an array in Java, just like you can in C, but your program will take an exception instead of merrily destroying itself. Similarly, you can still consume all available memory in your computer when you use Java, but you don't have the sort of memory leak that occurs because you forgot to de-allocate something.

Also, with the new JIT compilers and runtime systems, Java servers can be quite fast. One network processing system I worked on has shown sustained processing of network packets at nearly 800 per second for over an hour. That is the one-hour average, to make things clearer. This was also on a Pentium 3 550MHz machine!

Here are some resources that may help you in your quest:

* Securing Java: Getting Down to Business with Mobile Code, Second Edition by Gary McGraw, Edward W. Felten; John Wiley & Sons; ISBN: 047131952X

* Java Security Handbook by Jamie Jaworski, Paul Perrone; Sams; ISBN: 0672316021

* JAVA 2 Network Security by Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok Ramani; Prentice Hall; ISBN: 0130155926

* Java Security by Scott Oaks; O'Reilly & Associates; ISBN: 1565924037

* Java Cryptography by Jonathan Knudsen; O'Reilly & Associates; ISBN: 1565924029

* Inside Java 2 Platform Security: Architecture, API Design and Implementation by Li Gong; Addison-Wesley Pub Co; ISBN: 0201310007
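
The side note above about running off the end of an array can be seen in a small length-prefixed record parser. This is an added example, not code from the original answer; the class, method names and sample packets are hypothetical and constructed for illustration. It shows the JVM stopping an over-read caused by an untrusted length byte, next to a version that validates the length itself instead of relying on the exception.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BoundsCheckDemo {
    /** Naive parser: trusts the one-byte length prefix, as C code often does. */
    static byte[] readFieldNaive(byte[] packet) {
        int len = packet[0] & 0xFF;          // length taken from untrusted input
        byte[] out = new byte[len];
        for (int i = 0; i < len; i++) {
            out[i] = packet[1 + i];          // the JVM checks every index here
        }
        return out;
    }

    /** Validating parser: rejects a bad length before touching the data. */
    static byte[] readFieldChecked(byte[] packet) {
        if (packet.length < 1) {
            throw new IllegalArgumentException("empty packet");
        }
        int len = packet[0] & 0xFF;
        if (len > packet.length - 1) {
            throw new IllegalArgumentException(
                "declared length " + len + " exceeds payload " + (packet.length - 1));
        }
        return Arrays.copyOfRange(packet, 1, 1 + len);
    }

    public static void main(String[] args) {
        // Constructed sample input: a well-formed record, then one whose
        // length byte (0x40 = 64) claims far more data than is present.
        byte[] good = {5, 'h', 'e', 'l', 'l', 'o'};
        byte[] bad  = {0x40, 'h', 'i'};
        System.out.println(new String(readFieldNaive(good), StandardCharsets.US_ASCII));

        try {
            readFieldNaive(bad);
        } catch (ArrayIndexOutOfBoundsException e) {
            // No adjacent memory was read; the call fails with an exception.
            System.out.println("naive parser stopped by JVM: " + e.getMessage());
        }
        try {
            readFieldChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("checked parser rejected input: " + e.getMessage());
        }
    }
}
```

In a server, an uncaught `ArrayIndexOutOfBoundsException` still ends the request or thread that hit it, so the validating form is the one to keep; the bounds check is the safety net.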


This was first published in May 2001