{"id":65954,"date":"2021-07-18T04:10:06","date_gmt":"2021-07-18T08:10:06","guid":{"rendered":"http:\/\/bangla.salearningschool.com\/recent-posts\/sceasecurity-in-java-potential-threats-to-a-system-and-how-to-address-the-threatsjava-enterprise-architect-java-short-notes\/"},"modified":"2021-07-18T04:10:06","modified_gmt":"2021-07-18T08:10:06","slug":"sceasecurity-in-java-potential-threats-to-a-system-and-how-to-address-the-threatsjava-enterprise-architect-java-short-notes","status":"publish","type":"post","link":"http:\/\/bangla.sitestree.com\/?p=65954","title":{"rendered":"SCEA:Security in Java: Potential threats to a system and how to address the threats:Java Enterprise Architect #Java Short Notes"},"content":{"rendered":"<ul>\n<li><b>Input Validation Failures:<\/b> Validate every input on the server before it is processed. Client-side validation improves usability but is trivially bypassed, so on its own it is never a security control. Apply the same rules to data from supposedly trusted sources (other systems, files, the database) as to direct user input; otherwise an attacker who controls one of those sources has an injection path. Validation should cover data type (string, integer), format, length, range, null-value handling, character set and locale, expected patterns, context, and the set of legal values, preferably as an allow-list of what is accepted rather than a deny-list of known-bad strings.<\/li>\n<li><b>Output Sanitation:<\/b> Whenever user-entered values are displayed again, or the generated output is built largely from input values, the user controls part of what the browser or a downstream consumer interprets. Malicious data can then inject markup or script (a pop-up, an injected affiliate ad, a request that acts on behalf of the victim) or break the output format. Encode output for the context it is written into (HTML body, attribute, JavaScript, URL) instead of trying to strip dangerous characters from input.<\/li>\n<li><b>Buffer Overflow:<\/b> The JVM bounds-checks array and string access, so the classic memory-corrupting overflow reaches a Java application only through native code (JNI, native libraries, the JVM itself). What does apply is unbounded input size. If a NOT NULL column is declared with size 50 and the input length is not validated, a value longer than 50 characters produces a database error whose handling, depending on the operations and platform, may itself be the weak point. 
Or a user can simply send huge amounts of data to eat up server memory, threads or disk, which is a denial-of-service attack. Enforce maximum lengths and request sizes before data is buffered or processed.<\/li>\n<li><b>Data Injection Flaw:<\/b> An intruder embeds SQL (or command, LDAP or XPath) syntax in a data field so that the statement the application builds from it is interpreted as code, in order to read data they should not see, alter it, or break the system. Build statements with bound parameters (PreparedStatement in JDBC) and never by concatenating untrusted input into query text.<\/li>\n<li><b>Cross-Site Scripting (XSS):<\/b><\/li>\n<li><b>Improper Error Handling:<\/b> On errors such as out of memory, null pointer exceptions, system call failures, database access failures or network timeouts, many applications return the detailed internal error (stack trace, SQL text, file paths, library versions) to the client. Each such message points at a weak spot that an attacker can use to design an attack. Log the details on the server and show the user only a generic message, optionally with an opaque reference id.<\/li>\n<li><b>Insecure Data Transit or Storage:<\/b> Data represented as plain text in storage or in transit can be read or altered by anyone with access to the network path or the storage medium. Protect data in transit with TLS and data at rest with an authenticated encryption mode and properly managed keys; a weak algorithm or a hard-coded key only moves the problem.<\/li>\n<li><b>Weak Session Identifiers:<\/b> If the session identifier issued before authentication is kept after login (session fixation), is predictable, or is exposed in plain text (in a URL, in logs, or in a cookie sent without HTTPS), an attacker can obtain or plant a valid identifier, spoof the user and perform harmful business transactions. Generate identifiers from a cryptographically secure random source, issue a new identifier at login, and send the session cookie only over HTTPS with the Secure and HttpOnly flags.<\/li>\n<li><b>Weak Security Tokens:<\/b><\/li>\n<li><b>Weak Password Exploits:<\/b> Passwords are often guessed, watched, or recovered from password files with password-cracking tools. Store only salted hashes computed with a slow, purpose-built password hashing function, rate-limit or lock out repeated failures, and use strong or multifactor authentication (digital certificates, biometrics, or smart cards) for sensitive systems.
<\/li>\n<li><b>Weak Encryption:<\/b><\/li>\n<li><b>Session Theft:<\/b><\/li>\n<li><b>Insecure Configuration Data:<\/b><\/li>\n<li><b>Broken Authentication:<\/b><\/li>\n<li><b>Broken Access Control:<\/b><\/li>\n<li><b>Policy Failures:<\/b><\/li>\n<li><b>Audit and Logging Failures:<\/b><\/li>\n<li><b>Denial of Service (DoS) and Distributed DoS (DDoS):<\/b><\/li>\n<li><b>Man-in-the-Middle (MITM):<\/b><\/li>\n<li><b>Multiple Sign-On Issues:<\/b><\/li>\n<li><b>Deployment Problems:<\/b><\/li>\n<li><b>Coding Problems:<\/b><\/li>\n<\/ul>\n<p>From: http:\/\/sitestree.com\/?p=4886<br \/>Categories: Java Short Notes<br \/>Tags:<br \/>Post Date: 2013-03-23 01:58:45<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Input Validation Failures: Input should be validated both at the client end and the server end (before any processing). Validating both from trusted and untrusted sources is important. Otherwise code injection attack may happen. 
Validation should include: data type (string, integer), format, length, range, null-value handling, verifying for character-set, locale, patterns, context, legal values and &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"http:\/\/bangla.sitestree.com\/?p=65954\">Continue reading<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1917],"tags":[],"class_list":["post-65954","post","type-post","status-publish","format-standard","hentry","category-fromsitestree-com","item-wrap"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/65954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=65954"}],"version-history":[{"count":0,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/65954\/revisions"}],"wp:attachment":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=65954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=65954"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=65954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
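The input-validation, data-injection and output-sanitation items in the threat list above, worked as one Java example. This is an added example, not code from the original notes; it assumes a hypothetical table app_user with columns username and display_name, and an open JDBC Connection supplied by the caller. The attack string in main() is constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example: validate input, bind parameters, encode output. */
public final class UserLookup {

    // Allow-list rule for a username: 3 to 32 characters from a fixed set.
    // Assumption: this is what the application's username policy accepts.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_.]{3,32}$");

    // Hard upper bound on raw input size, checked before any other work,
    // so an oversized value is rejected before regex or database processing.
    private static final int MAX_INPUT_LENGTH = 256;

    /** Server-side validation: type (non-null), length, then format. */
    public static String validateUsername(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("username is required");
        }
        if (raw.length() > MAX_INPUT_LENGTH) {
            throw new IllegalArgumentException("input too long");
        }
        String trimmed = raw.trim();
        if (!USERNAME.matcher(trimmed).matches()) {
            throw new IllegalArgumentException("username has an invalid format");
        }
        return trimmed;
    }

    /**
     * VULNERABLE form, kept only to show the flaw: the value is pasted into
     * the SQL text, so "x' OR '1'='1" becomes part of the WHERE clause.
     */
    public static String buildQueryUnsafe(String username) {
        return "SELECT display_name FROM app_user WHERE username = '" + username + "'";
    }

    /**
     * HARDENED form: a placeholder plus a bound parameter. The driver sends
     * the value separately from the statement text, so it is never parsed
     * as SQL, and validation has already rejected anything off the allow-list.
     * Assumes table app_user(username, display_name).
     */
    public static List<String> findDisplayNames(Connection conn, String rawUsername)
            throws SQLException {
        String username = validateUsername(rawUsername);
        String sql = "SELECT display_name FROM app_user WHERE username = ?";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
            }
        }
        return names;
    }

    /** Output sanitation for the HTML body context: encode, do not strip. */
    public static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String attack = "x' OR '1'='1";   // constructed attacker input
        // The unsafe builder turns the value into a tautology that matches every row.
        System.out.println(buildQueryUnsafe(attack));
        // The hardened path never gets that far: validation rejects the quote and spaces.
        try {
            validateUsername(attack);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected by validation: " + e.getMessage());
        }
        // Stored or reflected input is rendered as text, not as markup.
        System.out.println(htmlEscape("<script>alert(1)</script>"));
    }
}
```

buildQueryUnsafe exists only to show what the attacker's value does to the statement text; findDisplayNames is the form to use. htmlEscape covers the HTML body context only; for attribute, JavaScript or URL contexts use a maintained, context-aware encoder (the OWASP Java Encoder library is one) rather than extending a hand-written switch.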
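The session-identifier and error-handling items above, as an added servlet example that is not part of the original notes. It uses the javax.servlet API of the Java EE generation the notes target (the same classes live under jakarta.servlet in current releases). The AuthService interface, its registration as the servlet-context attribute "authService", and the /home redirect target are all assumptions made for the example.

```java
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: rotate the session id at login, hide internal errors. */
public class LoginServlet extends HttpServlet {

    /** Assumed credential checker; its implementation is not part of the page. */
    public interface AuthService {
        boolean authenticate(String username, String password);
    }

    private static final Logger LOG = Logger.getLogger(LoginServlet.class.getName());
    private AuthService auth;

    @Override
    public void init() throws ServletException {
        // Assumption: the application registers its AuthService at startup
        // under this context attribute; fail fast if it is missing.
        auth = (AuthService) getServletContext().getAttribute("authService");
        if (auth == null) {
            throw new ServletException("authService is not configured");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        try {
            if (username == null || password == null || !auth.authenticate(username, password)) {
                // One generic message whether the user is unknown or the
                // password is wrong: do not confirm which half was right.
                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid username or password");
                return;
            }
            // Session fixation defence: whatever identifier the browser held
            // before authentication (possibly planted by an attacker) is replaced
            // now. changeSessionId() (Servlet 3.1+) keeps the attributes and
            // issues a fresh container-generated id.
            HttpSession session = req.getSession(true);
            req.changeSessionId();
            session.setAttribute("user", username);
            resp.sendRedirect(req.getContextPath() + "/home");
        } catch (RuntimeException e) {
            // Improper error handling, avoided: the stack trace, SQL text or
            // file paths go to the server log under a reference id; the
            // client sees only that id, which support staff can look up.
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "login failed, ref=" + ref, e);
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "An internal error occurred (reference " + ref + ")");
        }
    }
}
```

On containers older than Servlet 3.1 there is no changeSessionId(); call session.invalidate() followed by req.getSession(true) and copy across any attributes that must survive. The identifier itself should never travel in plain text: set http-only and secure in the session-config cookie-config element of web.xml (Servlet 3.0+) so it is sent only over HTTPS and is unreadable from script, and make sure URL rewriting (the ;jsessionid form) is disabled.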