Professional Documents
Culture Documents
Presented By, Naveen Kumar Ratkal
Presented By, Naveen Kumar Ratkal
Net
Presented By,
Naveen Kumar Ratkal
Outline
CLR VS JVM
Java Byte Code and MSIL
Comparing the stacks
Major security vulnerabilities reported
Java Authentication and Authorization service (JAAS)
Class file and Cs file
Security features Comparison
Java or .Net
JVM vs. CLR
JVM designed for platform independence
Single language: Java (?)
A separate JVM for each OS & device
CLR designed for language independence
Multiple languages for development
C++, VB, C#, (J#)
APL, COBOL, Eiffel, Forth, Fortran, Haskel, SML, Mercury, Mondrian,
Oberon, Pascal, Perl, Python, RPG, Scheme, SmallScript, …
Impressive usage of formal methods and programming language research
during development
Underlying OS: Windows (?)
CLR vs JVM
VB Managed Lots of other
C# .Net C/C++ Languages Java
Java byte code (or JVML) is the low-level language of the JVM.
MSIL (or CIL or IL) is the low-level language of the .NET Common
Language Runtime (CLR).
Superficially, the two languages look very similar.
JVML: MSIL:
iload 1 ldloc.1
iload 2 ldloc.2
iadd
istore 3 add
stloc.3
Comparing the stacks
…
…
Python
JSP
Servlets
Perl
Java
ADO.NET JDBC
One of the buy CVE-2000-1061 - execute arbitrary commands via a malicious web
page or email
Java Authentication and
Authorization service (JAAS)
cultural/”religious”/political preferences
Skill set of your developers
Customer preference
Vendor relations
References
Websites :
http://vsbabu.org/mt/archives/2003/09/05/slashdot_java_vs_net.html
http://www.cgisecurity.com/lib/J2EEandDotNetsecurityByGerMulcahy.pd
http://diuf.unifr.ch/softeng/seminars/SE2003/buchmann/htmlpaper/in
dex.html
Book :
Java Security - By oaks