AppSec Blog: Tag - java

Taming the Beast - The Floating Point DoS Vulnerability

Originally posted as Taming the Beast. The recent multi-language numerical parsing DoS bug has been named the "Mark of the Beast". Some claim that this bug was first reported as early as 2001. This is a significant bug in (at least) PHP and Java. Similar issues have affected Ruby in the past. This bug has left …


Seven Security (Mis)Configurations in Java web.xml Files

There are a lot of articles about configuring authentication and authorization in Java web.xml files. Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication, let's look at some of the most common security misconfigurations in Java web.xml files.

1) Custom Error Pages Not Configured

By default Java …


Hacking, Reviewing, and Fixing a Real-World Open Source Web App

A few weeks ago I finished a big update to Secure Coding in Java/JEE (DEV541), which has a new day dedicated to hacking, reviewing, and fixing the code of a real-world open source web application written in Java. It's an introduction to security in the SDLC and is similar to the "Capture and Defend the …


Top 25 Series - Rank 15 - Improper Check for Unusual or Exceptional Conditions

CWE-754 happens when "software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software." [1] Take the following snippet of Java code as an example:

    private static final int ROLE_ADMIN = 0;
    private static final int ROLE_USER = 1;
    …


Top 25 Series - Rank 6 - Reliance on Untrusted Inputs in a Security Decision

During a code review I came across code that looked like this:

    // for testing only
    String testId = request.getParameter("secretId");
    if (testId != null && !testId.equals(""))
        id = testId;
    else
        id = codeToLookupTheRealId();

This code allows a malicious user to perform an access control bypass attack by simply supplying the "secretId" parameter in the request. …