Showing posts from August, 2020

Java J2EE Security Considerations

Java Application Security Considerations

1. Authentication

Insecure Coding Practices

Concatenated SQL queries for login validation. It is common to see user credentials, taken straight from the request, concatenated into the login query. Such instances result in injection flaws in the login page: a concatenated SQL query leads to a SQL Injection vulnerability, because the submitted values become part of the SQL text itself.

    // java.sql.* and the servlet request are assumed to be in scope
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    // Vulnerable: a username such as  ' OR '1'='1' --  rewrites the WHERE clause
    // and bypasses the password check entirely.
    String query = "SELECT * FROM users WHERE username = '" + username
                 + "' AND password = '" + password + "'";
    Statement st = con.createStatement();
    ResultSet rs = st.executeQuery(query);

Secure Coding Practices

Use parameterized (pre-compiled) queries. The SQL text is fixed when the statement is prepared, and the credentials are bound afterwards as values, so user input can never change the structure of the query.

    String username = request.getParameter("username");
    String password = request.getParameter("password");
    String query = "SELECT * FROM users WHERE username = ? AND password = ?";
    PreparedStatement ps = con.prepareStatement(query);
    ps.setString(1, username);
    ps.setString(2, password);
    ResultSet rs = ps.executeQuery();

Parameterization removes the injection flaw only; comparing the submitted password against a stored plaintext column is a separate weakness that this change does not address.
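The bypass described above, run end to end as an added example (this is not code from the original post). It is written in Python against an in-memory sqlite3 database instead of JDBC so that it runs without a servlet container or database driver; the two login functions mirror the page's concatenated Statement and its PreparedStatement fix line for line. The users table and the credentials are constructed sample data.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Classic login-bypass payload: closes the username literal, adds an
# always-true condition, and comments out the rest of the WHERE clause.
BYPASS_USERNAME = "' OR '1'='1' --"


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table populated with the sample accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def login_concat(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the page's concatenated query.

    The submitted values are pasted into the SQL text, so the attacker
    controls part of the statement's structure.
    """
    query = (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    try:
        rows = con.execute(query).fetchall()
    except sqlite3.Error:
        # Malformed SQL (e.g. an unbalanced quote) just fails the login here.
        return False
    return len(rows) > 0


def login_prepared(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: the page's parameterized query.

    The SQL text is fixed; username and password are bound as values, so
    the same payload is compared literally against the username column.
    """
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    rows = con.execute(query, (username, password)).fetchall()
    return len(rows) > 0


def compare_logins(username: str, password: str) -> dict:
    """Run the same credentials through both versions and report the outcome."""
    con = make_db()
    return {
        "concatenated": login_concat(con, username, password),
        "parameterized": login_prepared(con, username, password),
    }


if __name__ == "__main__":
    print("valid credentials   :", compare_logins("alice", "s3cret"))
    print("wrong password      :", compare_logins("alice", "wrong"))
    print("injection payload   :", compare_logins(BYPASS_USERNAME, "anything"))
```

With the payload as the username, the concatenated version executes `... WHERE username = '' OR '1'='1' --' AND password = 'anything'`, which matches every row and logs the attacker in; the parameterized version looks for a user literally named `' OR '1'='1' --` and finds nothing.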