1. Javocalypse
Check out this page: http://java-0day.com/ !
1.1. Vulnerability analysis
1.2. Research
Nr | URL | Description | Date |
1 | http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd-article.pdf | Java and Java Virtual Machine security vulnerabilities and their exploitation techniques | 03-09-2002 |
2 | http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf | Enterprise Java Rootkits | 29-07-2009 |
3 | http://media.blackhat.com/bh-ad-11/Drake/bh-ad-11-Drake-Exploiting_Java_Memory_Corruption-WP.pdf | Exploiting Memory Corruption Vulnerabilities in the Java Runtime | 15-12-2011 |
4 | http://www.security-explorations.com/materials/se-2012-01-report.pdf | Security Vulnerabilities in Java SE | 14-11-2012 |
5 | https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf | Recent Java exploitation trends and malware | xx-08-2012 |
1.3. About Java Security
Nr | URL | Description |
1 | http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java | Same-origin policy for Java |
2 | http://slightlyrandombrokenthoughts.blogspot.de/ | Blog by Sami Koivu |
3 | http://blog.cr0.org/2010/04/javacalypse.html | Javocalypse |
4 | http://www.cert.org/blogs/certcc/2013/01/anatomy_of_java_exploits.html | Anatomy of Java Exploits |
5 | http://www.jtmelton.com/wp-content/uploads/YearOfSecurityforJava.pdf | Years Of Security For Java |
6 | http://www.cert.org/blogs/certcc/2013/04/dont_sign_that_applet.html | Don't Sign that Applet! |
7 | http://www.cert.org/blogs/certcc/2008/06/signed_java_security_worse_tha.html | Signed Java Applet Security: Worse than ActiveX? |
1.4. Mitigation
Nr | URL | Description | Date |
1 | http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse | Java zero day = time to disable Java, in your browser at least | 30-08-2012 |
2 | http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html | Java 7 0-Day vulnerability information and mitigation | 30-08-2012 |
3 | http://tojoswalls.blogspot.de/2013/05/java-web-vulnerability-mitigation-on.html | Java Web Vulnerability Mitigation on Windows | 23-05-2013 |