Everybody knows about SQL injections. It’s like a celebrity in the world of software security. But there are much more many different types of injection attacks which may feel jealous about popularity of SQL injections. That’s not fair. Let’s try to feel the gap, and talk about LDAP injections.
Tag Archives: Java
Accessing private fields with synthetic methods in Java
In Java, you can define one class B inside another class A. Class B is called an inner class, and class A is called an outer class. It looks like the following:
Class A has a private field “secret”. This private field can be accessed by both A and B classes. But in some cases, this private field can be accessed by other classes in the same package even if neither A or B provide any accessors. It actually depends on what we have in go() method.
DNS tunneling with Java
DNS tunneling may help you to bypass a firewall if DNS requests are allowed. Or, it can just get you a free Wi-Fi. There are a number standalone tools which allow you to setup a TCP-over-DNS tunnel. Here is a simple implementation of DNS tunneling with pure Java. It’s not ready for using in real world, but it shows an idea how DNS tunneling can be implemented. The implementation works with standard JRE, and doesn’t require any additional library.
(русская версия – Java и свет в конце DNS туннеля)
Java Cryptographic Roadmap
The Java team has published the “Oracle JRE and JDK Cryptographic Roadmap” at http://java.com/en/jre-jdk-cryptoroadmap.html which contains upcoming changes for crypto algorithms and protocols supported in Oracle’s JRE and JDK.
