How can ensuring security in software be made very simple?

I am often told that security features are not available at a level of abstraction that a developer with little security knowledge can use. What changes would developers need in their Java development environment to make securing their software much easier than it is today?

I am considering new approaches, such as providing configuration at a level where the programmer simply declares which security function he wants and at what level, and only real power programmers would need to do anything extra.

So, part 2 of the question: what services would you want to use as a developer, and how would you like them integrated into your development environment so that you can use them easily?

+3
3 answers

where the programmer should just declare the security function he wants

It’s like asking: “What type of scalpel can I buy, so I don’t need to learn from a doctor?”

You cannot.

The issue of "security" covers a very wide range of problems. You don't just turn security on and it works. Security issues include protecting your software from an ever-increasing number of malicious activities.




+4


Java: char[] c = new char[1]; System.out.println(c[10]);

(aka TOCTOU).

(XSS, SQL-, LDAP).

0

OWASP ESAPI.

SqlParameters in .NET.



On this last point, you also need to stay flexible. If a vulnerability is discovered in your base system X, you may need to partially or completely remove it (but more likely, update it). You need to be able to do this as soon as possible; for example, replacing hashing functions or changing encryption procedures.

Obviously, this area is complex and interesting. I suggest OWASP as a good place to get started.

0
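The point in the last answer about being able to replace hashing functions quickly, as an added Java example that is not from the original answers: each stored hash carries a scheme tag and its iteration count, so a weakened scheme is retired by bumping the constants and re-hashing on the next successful login. The class and method names are hypothetical, and PBKDF2 is used only because the JDK ships it.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical example: stored hashes are self-describing ("v1$iters$salt$hash"),
// so the scheme or its work factor can change without a flag-day migration.
public final class PasswordStore {
    private static final String CURRENT = "v1";   // bump when the scheme changes
    private static final int ITERATIONS = 200_000; // raise as hardware gets faster
    private static final SecureRandom RNG = new SecureRandom();

    public static String hash(char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return CURRENT + "$" + ITERATIONS + "$" + b64(salt) + "$" + b64(pbkdf2(password, salt, ITERATIONS));
    }

    // Returns null on mismatch; otherwise the stored value, re-hashed under
    // the current parameters if the record was created with weaker ones.
    public static String verifyAndUpgrade(char[] password, String stored) throws Exception {
        String[] p = stored.split("\\$");
        if (p.length != 4 || !p[0].equals("v1")) return null; // unknown scheme: reject
        int iters = Integer.parseInt(p[1]);
        byte[] salt = Base64.getDecoder().decode(p[2]);
        byte[] expected = Base64.getDecoder().decode(p[3]);
        byte[] actual = pbkdf2(password, salt, iters);
        if (!MessageDigest.isEqual(expected, actual)) return null; // constant-time compare
        return iters < ITERATIONS ? hash(password) : stored;      // upgrade stale records
    }

    private static byte[] pbkdf2(char[] pw, byte[] salt, int iters) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iters, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    private static String b64(byte[] b) {
        return Base64.getEncoder().withoutPadding().encodeToString(b);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray();            // constructed sample input
        String h = hash(pw);
        System.out.println(h);
        System.out.println(verifyAndUpgrade(pw, h) != null);
        System.out.println(verifyAndUpgrade("wrong".toCharArray(), h));
    }
}
```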

Source: https://habr.com/ru/post/1728107/
