Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I recently found out about Android Studio's decompiler and a few questions arose as I'm currently involved in an Android project. I just tried it and it generated near perfect code, surprisingly.
How good are Java decompilers nowadays? Are there protection mechanisms to prevent decompilation? Any security concerns to have in mind?
Best.
This questions is too broad. So I will split the questions and answers:
How good are Java decompilers nowadays?
Very good. You are likely to get readable classes back.
Are there protection mechanisms to prevent decompilation?
Yes, things like code obfuscators, or even other alternatives
Any security concerns to have in mind?
All security concerns are best kept in mind, depending on your application.
Against decompilers?
Not really, your code should be readable and still dont pose a threat to the system or its users. The best concept here would be the "white box" concept, in wich your code does not need to be hidden.
If you are handling something that should not be know, try executing it in a controlled enviromment, such as a controlled webservice.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 3 years ago.
Improve this question
I know that Robust is a Feature of java programming language. But I don't know what is the exact meaning of it and how to any programmer benefited by it.
It's a generic adjective that means different things for different people. There's no measure of robustness, so you can't say "this language is more robust than that".
It might be used to differentiate a language from a "toy" language, that isn't meant for general purpose programming, but you aren't going to find any clear definitions, because there isn't one.
Robust simply means heavy and strong and Java has a lot of facilities for programmers such as memory management, security features, networking features etc.
For details regarding exact meaning of feature "Robust", you can follow this link https://www.javatpoint.com/features-of-java
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I am trying to run the Java applets that accompany the book "Data Structures and Algorithms in Java" by Robert Lafore.
They can be found on this site
https://cs.brynmawr.edu/Courses/cs206/spring2004/lafore.html
The applets do not work for some reason. I've tried adding the different url's for the different applets to my exception site list under Java's security configuration, but that didn't help.
Anyone know what might be the problem?
As already said, you should rather avoid applet based samples. However, if you still need them, take a look here:
https://download.java.net/openjdk/jdk7u75/ri/jdk_ri-7u75-b13-linux-x64-18_dec_2014.tar.gz
You will find appletviewer there. Appletviewer allows you to run applets. It might be you will have to play with JAVA_HOME environment in order to make sure you use this particular version of Java.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
so here I got an open-source Android app which I must analyze and identify the structure of, things like its libraries, high-level architecture, configuration management, and testing facilities.
Now I understand where and how to look for the last two, but I still rather confused on how can I identify the libraries and architecture.
So what I'm asking is, how do I identify the architecture of an app and the libraries it uses? where do I look for it? what part of the source code? are there any tips to do this?
If there is any other info that I should provide, please do tell me.
Edit1: this is what I meant by high-level architecture, using Firefox as an example, but it doesn't have to be this technical, something more simple is also okay >>>
There are 1000s (maybe even millions) of questions on stack-overflow regarding Android development. The android documentation is itself highly exhaustive. And a simple query like "add library android project" can lead someone to answers like this.
What I am really trying to say is, a lot is already there. You just need to use it.
As for the original question :
Libraries
The dependencies can be found here. These are the external libraries that are used by this app.
-
Architecture
About that, you will mostly have to go through the code. Using Android-studio for that can be really helpful. You can use tools like this, but mostly, you will have to go through the code and understand it.
Furthermore, since its opensource project, there should be good documentation about it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I created a Java programm which works on the serverside to communicate with an Android-App over Sockets. Now I want to check wether it is secure to hacking. I also asked in the Security.SE forum but this is programming related. So what do I need to look for in my Java-program to make it heavy to be exploided?
The first thing to check would be the server it's running on. You can cerainly checkout the https://www.owasp.org/ website. It is always a good source of security threats. Then there are a lot of pentesting tools https://www.kali.org/ has many of them built in.
But the most important might be how you've designed your API, I mean you're not very specific about what you need to know but some rules that will certainly apply:
secure the communication
make sure id theft is as hard as possible
never store userpasswords yourself(use a tokenbased system like oauth)
Obfuscation via proguard makes the program harder to reverse engineer.
Obfuscation combined with Ahead-Of-Time Compilation
1) Obfuscate names and encrypt strings using the tools not relying on the application being delivered in bytecode form. Make sure to disable control/data flow obfuscations.
2) Compile the obfuscated application down to optimized native code.
see link
http://www.excelsior-usa.com/articles/java-obfuscators.html
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
What, if any, are the differences between Dynamic Code Analysis and Penetration Testing? Are they related?
These are two concepts which barely have any relation at all.
Dynamic Code Analysis is the observation of a program while it is being executed to gain insight into the program and see what it does and how it does it.
Penetration Testing is an attempt to try out common exploits and hacking techniques on a system by or with permission of the owner. The intention is to detect security flaws so they can be fixed. Penetration testing does not necessarily focus on software. A good penetration test should cover all components of a system. This includes hardware, operating system, software and also the vulnerability of any human components to social engineering attempts.