policy

Sep 9, 2018 jvm security policy

Crafting Java policy files, a practical guide

This is the 4th post in the JVM Security focus series. In one of my previous posts, I described how to create a custom policy file for one’s application. The process was manual and incremental. Because of that, it was painstakingly long, and hence not really useful. Since I wrote the post, I found a way to write the policy file under in a couple of hours, instead of days.

Feb 5, 2017 jvm security jar spring boot policy

Signing and verifying a standalone JAR

This is the 3rd post in the JVM Security focus series. Last week, I wrote about the JVM policy file that explicitly lists allowed sensitive API calls when running the JVM in sandboxed mode. This week, I’d like to improve the security by signing the JAR.

Feb 5, 2017 jvm security spring boot policy

Proposal for a Java policy files crafting process

This is the 2nd post in the JVM Security focus series. I’ve already written about the JVM security manager, and why it should be used - despite it being rarely the case, if ever. However, just advocating for it won’t change the harsh reality unless some guidelines are provided to do so. This post has the ambition to be the basis of such guidelines. As a reminder, the JVM can run in two different modes, standard and sandboxed.