Java Developers @ OWASP

Java Developer Focused Application Security Pages

Java Application Security

The Java ecosystem is huge. There are client applications in the form of Applets and thick clients in Swing and AWT. There are mobile apps written for Android. There are server-side web applications. Each may have a different security profile, and this page is intended as a jumping-off point for finding out more about any of them. Additional links related to JVM-based languages and general OWASP information are below.

For client applications, the primary concerns are usually keeping the JVM up to date, validating input and implementing proper authorization. More details are on the thick client application page; look there if you are writing Swing, AWT or Applet code.

Mobile apps written for Android have a very different security profile. These applications need to be careful about how they store data on the phone, how they connect to the APIs they use, and many other things. See the Android page for more detailed information about mobile security.

Web applications are one of the most common classes of Java application. Running on a server, they need to protect against injection and XSS, validate input, enforce authorization and keep their dependencies up to date. For general background, see the General Java page. For framework-specific guidance, see the Spring or Struts pages.

Related Technologies

There are a number of languages and frameworks that run in the Java ecosystem. This list points to security information for those.

Resources

Support or Contact

Having trouble with the developer pages? Help us update them or contact [email protected] and we'll help you sort it out. See something wrong? Get involved and help us fix it!