Posted by Ron Lievens at 9:36 on Friday 30 January
A lot of ‘performance tests’ are posted online lately. Many times these performance tests are implemented and executed in a way that completely ignores the inner workings of the Java VM. In this post you can find some basic knowledge to improve your performance testing. Remember, I am not a professional performance tester, so put your tips in the comments!
Read the full article at: http://java.dzone.com/articles/why-many-java-performance-test
Posted by Ron Lievens at 14:06 on Tuesday 13 January
The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 is organized into three high-level categories that contain multiple CWE entries.
Insecure Interaction Between Components
These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.
- CWE-20: Improper Input Validation
- CWE-116: Improper Encoding or Escaping of Output
- CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
- CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
- CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-362: Race Condition
- CWE-209: Error Message Information Leak
Risky Resource Management
The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.
- CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
- CWE-642: External Control of Critical State Data
- CWE-73: External Control of File Name or Path
- CWE-426: Untrusted Search Path
- CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
- CWE-494: Download of Code Without Integrity Check
- CWE-404: Improper Resource Shutdown or Release
- CWE-665: Improper Initialization
- CWE-682: Incorrect Calculation
Porous Defenses
The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.
- CWE-285: Improper Access Control (Authorization)
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-259: Hard-Coded Password
- CWE-732: Insecure Permission Assignment for Critical Resource
- CWE-330: Use of Insufficiently Random Values
- CWE-250: Execution with Unnecessary Privileges
- CWE-602: Client-Side Enforcement of Server-Side Security
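As an added illustration of one entry from the list above (not code from the post or from CWE/SANS), the following Java class shows CWE-73, External Control of File Name or Path, in its vulnerable form next to a hardened variant. The base directory `/var/app/uploads` and the file names are constructed for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example: resolving a caller-supplied file name against a fixed base
// directory. The base directory and the sample names below are constructed.
public class SafePathResolver {
    private final Path baseDir;

    public SafePathResolver(Path baseDir) {
        // Absolute and normalized so that the startsWith check below is meaningful.
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    // Vulnerable variant (CWE-73): the name is joined to the base directory as-is,
    // so a name containing ".." components points outside the intended directory.
    public Path resolveUnchecked(String userSuppliedName) {
        return baseDir.resolve(userSuppliedName);
    }

    // Hardened variant: normalize away "." and ".." first, then confirm the result
    // still lies under baseDir; anything else is rejected before any file access.
    public Path resolveChecked(String userSuppliedName) {
        Path candidate = baseDir.resolve(userSuppliedName).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException(
                "path escapes base directory: " + userSuppliedName);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Hypothetical base directory for the demonstration.
        SafePathResolver resolver = new SafePathResolver(Paths.get("/var/app/uploads"));

        // Constructed inputs: one ordinary name, one that climbs out of the directory.
        String ordinary = "report-2009.pdf";
        String climbing = "../../outside.txt";

        System.out.println("unchecked: " + resolver.resolveUnchecked(climbing));
        System.out.println("checked:   " + resolver.resolveChecked(ordinary));
        try {
            resolver.resolveChecked(climbing);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:  " + e.getMessage());
        }
    }
}
```

The same normalize-then-containment check applies to any resource whose name an external party influences; a plain `contains("..")` test is not a substitute, since encoded or platform-specific separators can bypass it.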
Posted by Hans-Jürgen Jacobs at 15:34 on Monday 5 January
The start of a new year also brings the expectations for that year. Neil McAllister has at any rate given his opinion, including on Java. What are your expectations?
Read his predictions: Software development predictions for 2009
Posted by Hans-Jürgen Jacobs at 13:24 on Monday 22 September
First version of the OSGI book available. Download it here! [Neil Bartlett]
Posted by jcn at 9:57 on Tuesday 12 August
On TheServerSide it is reported that “software vendor Fortify Software claims that a wide variety of vulnerabilities in projects such as Struts, Hibernate, and Geronimo”. The Spring framework also contains security issues. On searchsoftwarequality.com there is talk of “Critical security issues found in the Spring Framework” and “Keith Donald, principal software engineer at SpringSource, said they are working with security experts at Ounce Labs to raise awareness within the Spring community of these two issues.”
Posted by Rino Kadijk at 9:44 on Wednesday 16 July
What are Closures? Neal Gafter's blog says the following:
On 14 December 2007 a post appeared on the JCN Blog about Joshua Bloch's presentation on closure support in Java. James Gosling then responded as follows on his blog:
There has been a lot of chatter about the closures proposal penned by Neal Gafter. And, in particular, whether or not I support it. I absolutely do.
According to Neal Gafter's blog, the specification appears to be on its way for JDK 7. He writes the following:
I’m co-author of a draft proposal for adding support for closures to the Java programming language for the Dolphin (JDK 7) release. It was carefully designed to interoperate with the current idiom of one-method interfaces. An abbreviated version of the original proposal is reproduced below. The latest version of the proposal and a prototype can be found at http://www.javac.info/.
Gilad Bracha, Neal Gafter, James Gosling, Peter von der Ahé
In his video presentation Neal Gafter explains what advantages Closures offer over the current possibilities.
Posted by Rino Kadijk at 9:22 on Friday 11 July
This video presentation lasts about an hour and clearly shows which new features are on the agenda for Java 7. The presentation was also given at JavaOne.
Google Tech Talks
May, 1 2008
JSR-203 is the NIO update JSR scheduled for release with Java 7. This talk will present an overview of the new NIO features and improvements.
Speaker: Alan Bateman
Software Engineer at Sun Microsystems. Spec lead on JSR-203.
Speaker: Carl Quinn
Software Engineer at Google. E.g. member on JSR-203