Security

A Comparison between Java and ActiveX ...
By David Hopwood, "ActiveX and Java have both been the subject of press reports describing security bugs in their implementations, but there has been less. ..."
Chronology of security-related bugs, 05/27/99
"April 14, 1999 - Unverified classes can be constructed Recently, Paul Haahr at Jive Technologies notified us of a bug that allows unverified classes to be...."
Chronology of security-related bugs, 05/27/99
Chronological list of security-related Java bugs and their fixes.
Cryptix
By David Hopwood, "Cryptix is a freeware cryptography library for Java..I've been working on integrating support for JCE into Cryptix..."
E-Commerce Security: Weak Links, Best ...
Information about the book.
Frequently Asked Questions - Java Security
"The goal for the JDK is to enable browsers to run untrusted applets in a trusted environment. Our approach is to be conservative at first, and to add functiona..."
Frequently Asked Questions - Java Security
"The goal for the JDK is to enable browsers to run untrusted applets in a trusted environment. Our approach is to be conservative at first, and to add ..."
History of the security group at Princeton Univ.
A chronological history of the activities of the internet security group at Princeton University.
How to secure a web site that uses Java ...
"The purpose of this document is to advise Java Web Server (JWS) customers on how to secure a web site that uses JWS. We recommend the following: Have separate..."
INTRODUCTION: THE SSLAVA TOOLKIT
"The SSLava Toolkit provides developers with plug-and-play building blocks for creating secure, SSL 3.0-compliant client/server applications in the Java programming language. Applets and applications built with SSLava execute across all Java-supported platforms, such as..."
Java 2 security and stack inspection, McGraw
"With the release of Java 2 (a.k.a., JDK 1.2), Sun Microsystems upped the ante on sophisticated security models for mobile code. ..."
Java Security API
Download the JCE 1.2 Security software here. As of 7/23/99, this site also had links to download the JDK, the Java Web Server, and the HotJava Browser as well.
Java Security API
Main entry to Sun's Java security material: News, Software, Docs, Specs, White Papers, Articles, Presentations, etc.
Java Security API
Your source for news and downloads for the Sun Security API.
Java Security API - Example
"This advanced example supposes that you are familiar with Object Serialization and Streams (including sockets). It is based on a client-server architecture. The..."
Java Security at U.C. Davis
"My own work on Java involves classifying the various vulnerabilities. This work is being done in association with the Security Lab at UC Davis. ..."
Java Security FAQ
"The Unofficial Answers from the Princeton Secure Internet Programming Team..."
Java Security, Hostile Applets, Holes and...
Discussion of the book.
Java Security Hotlist
Links to dozens of resources having to do with Java security.
Java Security Hotlist Categories
From Sun. Links to books, researchers, FAQs, papers, talks/articles, hostile applets, etc.
Java Web Server Security Advisory
"The purpose of this document is to advise Java Web Server customers of a configuration issue which may affect the security of their web sites. This problem aff..."
Low Level Security in Java
"This paper presents the details of the lowest-levels of the Java security mechanism. Before any downloaded code is executed, it is scanned and verified to ensur...."
OBJECT-SIGNING TOOLS
"Netscape Signing Tool 1.1 is available for downloading from this page. It replaces the older tools known as "Zigbert" and "Page Signer." To use Netscape Signin..."
Reliable Software Technology
Several tools from the company Reliable Software Technology.
RMI - The Scoop on RMI and SSL
"The RMI group at Sun is providing a page that tells the complete RMI/SSL story. If this is a topic that interests you, or if you are interested in being inclu..."
RSA BSAFE CryptoJ
"The more we manage our personal and business affairs over the network, the greater the threat to the security of our data. The write once, run anywhere promis..."
Secure Internet Programming, Princeton Univ.
"The Princeton Team, pre-eminent research group focused on Java Security."
Securing Java
Online version of the book "Securing Java"
Security
"This release introduces: Policy-based, easily-configurable, fine-grained access control. When code is loaded, it is assigned "permissions" based on the securit..."
Security publications from Princeton University
Links to a large number of security publications from the security group at Princeton University.
Security Tradeoffs: Java vs. ActiveX
"Java and ActiveX are two systems that let people attach computer programs to Web pages. People like these systems because they allow Web pages to be much more ..."
SID
"SID is a method for handling authentication using public key cryptography. Each user has a public key, but each pair of users who communicate regularly also ..."
SourceGuard, Complete protection for Java...
"Nearly all world-class Java software, from the leading Java IDE's to mission-critical corporate applications, is protected using 4thpass SourceGuard3.0 Enterpr..."
Standard Cryptographic Algorithm Naming
By David Hopwood, "This document gives references for a collection of cryptographic algorithms of various types. Each algorithm is assigned a standard ASCII nam..."
The Java Security Web Site
Contains links to numerous resources on Java security.
THE PHAOS SOLUTION
"Phaos offers a complete range of enterprise security solutions for Internet platforms. Our products enable security features from Secure Sockets Layer (SSL), ..."
Verisign security services
Not specific to Java, but useful to persons concerned with network security and Java.
Web Security Sourcebook
Information about the book.
Welcome to the CERT Coordination ...
"we study Internet security vulnerabilities, provide incident response services to sites that have been the victims of attack, publish a variety of security..."
X8
"Most secret key encryption methods use a small encryption block, i.e. DES = 64 bits, RC5 = 32, 64 or 128 bits, Blowfish = 64 bits, IDEA = 64 bits. These..."