How ShiftLeft Enhances Java Security

For more than 15 years I have worked with Java technologies, particularly on the server side, with Java Enterprise Edition (Java EE). I have written Java applications and deployed them in production across many environments. Along the way I have worked with many talented individuals and teams architecting, developing and maintaining Java EE applications.

With respect to server-side security, the number one thing that stands out to me is that a comprehensive security view of a Java system is very hard to come by, let alone understand, even for experienced Java architects.

In this blog I want to explore Java EE security features and articulate how ShiftLeft leverages and improves the Java Security Model by automatically implementing a policy-based security profile for the application code, and by detecting and securing vulnerable trusted code. With ShiftLeft the Java EE security architecture becomes easy to visualize and digest.

Java Security Overview

Java security can be categorized in two broad areas:

Platform Security — Provided to the application by the Java platform, and
Application Security — Specific to the application workflows.

Let’s take a quick look at each of these security realms to better understand how Java security has evolved over the years.

Platform Security

Platform security (also known as provided security because it is supplied by the Java platform) comprises...