September 16, 2014

More articles by Thomas Gutschmidt

tschmidt@nwlink.com

Embedding Python

Discover how to integrate C and Python through embedding.

Extending Python with C

Discover how to integrate Python with C/C++ by writing an extension or with third-party integration solutions.

Open Source High-level Languages in Your Neighborhood

Here is a handful of popular modern high-level languages, what they are being used for, and where they are hiding in the industry today.


Perl: Debunking the Speed Myth

How does Perl really rate in terms of speed?

Perl: Strict, Warnings, and Taint

Acquire three common tools to help Perl programmers write clean and maintainable code: the strict pragma, the warnings pragma, and taint checking.

The PerlNET Project

Interested in integrating Perl into your .NET applications? Get details on the PerlNET Project here.

Tacit Records: .NET Encryption and Java SecurityManager

Our security columnist answers some cutting-edge questions on the changing landscape of safe application development, from the worlds of Java and .NET.

An Oldie but Goodie: The Cross-Site Scripting Vulnerability

A reader offers our security columnist a tip on an exploitable hole that seems to be well documented and understood but has been met with overwhelming complacency, even among the elite sites on the Internet.

Encrypting a File Using .NET

Our "Tacit Records" columnist shows you how .NET's cryptographic support works using the Cryptostream class, which you can implement within either C# or Visual Basic. Here's how to get started.

Tacit Records: Microsoft's Managed Execution Process

This month, Gutschmidt considers the protocol for producing safe code in the .NET Framework. The Managed Execution Process translates your source code, generates metadata, compiles the translation into native code, and enables execution in the Common Language Runtime.

Tacit Records: The Java Class Loader

We begin a new column on software security and quality with a discussion of an essential element of Java's type-safety strategy.


Data Structures in Java: Part 15, The toArray Method, Part 1

Baldwin shows you how to use the simpler version of the overloaded toArray method that is declared in the Collection interface. He also explains why you need to exercise care when using the elements stored in the resulting array to avoid corrupting the state of the objects referred to by the elements in the collection.

Securing Java Code: Part 4, Decompilers

Reasonable security begins with a reasonable security policy and continues by focusing on some of Java's weak links, namely memory management and decompilation.

Securing Java Code: Part 3

Developers need to assume that eventually their source code will be decompiled and scrutinized. There are, however, ways to sanitize source code after a program runs, and steps to make it expensive, time consuming, and extremely difficult to unravel.


Securing Java Code: Part 2

In this installment in our series, we further examine the elements that should be part of a secure Java code policy, including such safeguards as compartmentalization and cryptography.

Securing Java Code: Part 1

People have the notion that security holes are created by criminals and hackers to compromise systems. This is untrue. In almost all cases the holes exist and are just exploited.

An Overview of Cryptography in Java, Part 4: Permissions, Documentation, and Export Issues

With the new JCE 1.2.1, customizing SecurityManager may be necessary in order to properly implement your provider. Sun also asks that providers carefully document services for users, and although JCE 1.2.1 hallmarks availability of these cryptography tools outside of the United States, implementing them in this way adds a layer of complexity.

An Overview of Cryptography in Java, Part 3: Writing Your Own Provider

We continue our series on Java cryptography with a look at setting up a provider of security services.

An Overview of Cryptography in Java, Part 2: Provider History

The idea behind the cryptography extension is to remove the programmer from the math and complexity involved in algorithms, and instead utilize provider classes that take care of the implementation. Gutschmidt continues his cryptography overview in this second installment.

An Overview of Cryptography in Java, Part 1: Random Numbers and Cryptographic Security Providers

We take a bird's-eye view of the Java Cryptography Architecture, both within the Java Development Kit and the Java Cryptology Extension.

Thoughts on Java and Open Source Security

Java has been historically lucky in the open source field. Sun has been committed to community and industry participation since Java's inception, and by opening up source code Sun has helped foster innovation in areas such as security.

An Introduction to SecurityManager and Permissions in JDK

SecurityManager's job is to throw security exceptions if an application or applet tries to access something outside of the sandbox without permission.

Basic Java Security, Part 2: Applet security

Staying current with Java security is an ongoing education. Flaws and bugs are still occasionally found, and designers continue to use applications in new and unforeseen ways. This brief heads-up should help you keep your code safe.

Basic Java Security, Part 1: Recent security developments for Java virtual machines

Java's security system is extensive and well designed. Like all systems, it relies on a number of assumptions, one of which is a secure JVM. Once the library implementation of the sandbox is compromised, other Java security features, such as stringent memory management, language protocols for arrays or casts, and byte-code verification, become less significant.
