 |
|||||||||
|
|||||||||
|
|
I have come back after a long hiatus - I was busy travelling the world in connection with my teaching activities. These activities were primarily centered on teaching secure product development to product dev teams. My journey took me to China, India, Ireland, and UK. Anyway while the current work has been focused on C/C++ where the scope for security vulnerabilities is more than in Java: nonetheless there is a need out there to teach Secure Programming in Java as well.
I am currently engaged in developing the material for the same. I am registered to teach the same topic in the Berkeley University Extension as well.
In this context I will be focusing on two areas - at two different levels of abstraction. One level is at the Virtual Machine and the other is at the level of the Applications running on the VM. So from a security perspective the VM Hacks will be studied and then the security vulnerabilities associated with the Applications - such as a JEE Application - running on the VM will be studied.
But in comparison to C/C++ Java is obviously more secure as it doesnt suffer from the curse of buffer overflow. I am actively trying to uncover some vulnerabilities at the VM level so that the course becomes more interesting :-))
I was recently reading about the IOCCC - The International Obfuscated C Coding Contest. I wonder whether it is possible to write obfuscated code in Java. I think that while obfuscated code can be written in C even by accident, in Java it is difficult to produce such code even if we tried to do it deliberately. A good achievement in language design.
