" Java has long boasted a reputation for being a secure programming language. Lately, however, that reputation has come into question. Java has been accused of being susceptible to cross-site scripting (XSS) and other similar input attacks like SQL injection.

Is the security of Java itself getting worse, or is the security of Web applications using Java weakening? Are XSS attacks enabled by poor Java coding, or poor Web application design? In this tip, we'll examine Java's security capabilities, the recent exploits that have caused some to question Java and best practices to keep Java applications safe.

Java has a number of built-in security features that don't exist in other languages. For example, it checks the size of input data, which prevents buffer overflows, a common exploit where an attacker floods an application with more data than it can handle. A buffer overflow can crash an application or, if crafted properly, ignite a process which allows malicious access into a system.

Unlike other languages, such as C and assembly, Java automatically cleans up after itself. After an application closes, Java clears out memory used by the application with a garbage collection system. This process, which works silently in the background, prevents other exploits that can take down an application by overloading its memory. "

Paper Link: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1263607,00.html