JavaOne 2016 slides for "Making the JDK More Secure"

My slides for my JavaOne 2016 session on "Making the JDK More Secure" are here.

Tuesday, September 20, 2016 | Java

Slides for JavaOne 2015 session (Safer and Faster: New JDK Security Features and Performance Improvements)

My slides for my JavaOne 2015 session on "Safer and Faster: New JDK Security Features and Performance Improvements" are available here. Thanks to all who attended my session (either in person or via the live-stream)!

Thursday, October 29, 2015 | Java

Slides for my JavaOne 2014 session on "Understanding the New JDK 8 Security Features"

Here are the slides for my JavaOne 2014 session on Understanding the New JDK 8 Security Features. Thanks to all who attended the session. I hope it was very useful.

Thursday, October 2, 2014 | Java

Version 5.0 of the Java Secure Coding Guidelines now available!

A new version of the Java Secure Coding Guidelines is now available at http://www.oracle.com/technetwork/java/seccodeguide-139067.html. This version has many updates, including:

- Additional information for some of the new Java SE 8 features
- Several new guidelines and examples
- A new appendix covering the Java Native Interface
- A new symbolic naming for sections
- Several formatting changes

These guidelines contain coding patterns and best practices that are extremely useful for building...

Monday, April 14, 2014 | Java

How to use the XML Signature secure validation mode

In JDK 7u25, we introduced a new secure validation mode for XML Signatures. This mode is designed to protect you from XML Signatures that contain potentially hostile constructs that could cause denial-of-service or other types of security issues. The good news is that if you run your application with a SecurityManager, the secure validation mode is enabled by default, and there is no further action required. Otherwise, a new property with the name org.jcp.xml.dsig.secureValida...

Thursday, March 13, 2014 | Java

How to determine if a signed JAR is timestamped

Applying a timestamp when you sign a JAR is strongly recommended, as it allows you to prove that you signed the JAR during the time interval in which your code signing certificate was still valid. This allows your JAR to be validated after the certificate expires, thereby prolonging the lifetime of your application. There's really no good reason you should not apply a timestamp, and we are encouraging all developers to do that as we introduce stricter applet/RIA restrictions in...

Tuesday, December 3, 2013 | Java
 
