Comparing Java and .NET Security: Lessons Learned and Missed
Nathanael Paul David Evans
University of Virginia
Department of Computer Science
[nate, evans]@cs.virginia.edu
The study done by Paul and Evans examined the two of the well known platforms that uses virtual machine. According to the authors, virtual machines enable the platform to run un-trusted programs under a restricted area. This functionality added a big point in the field of security for the platforms. The platforms that were compared on their study were the Java and .NET. As to the result of their comparison, based on the vulnerabilities and limitations found on each of the platform’s security, the Java virtual machine was over throne by the CLR of .NET platform. According to the authors, the sharpness of security of .NET was because of using the Java mistakes as their basis for development and improvement for .NET and the usage of different security architecture.
Reflecting to the study conducted by Paul and Evans and looking at the graphical representations on their study, the .NET really has the edge over Java. There are many holes in Java which were patched in .NET. This only shows that there is really a big gap between the architectures of the two platforms in implementing their security. Eventhough the both share the same goal, there is really that difference and there is also a platform that will outdo one platform.
But if you’ll examine it carefully, what’s the edge of Java when compared with .NET when .NET itself based its security improvements to the mistakes of Java security? Aside from that, they have a very different structure. Also looking at the Java platform, and to its developers, why would they let these vulnerabilities?
Since the field of security is very crucial for such platforms, innovations and improvements related to this field is a never ending road, for there is really no such thing as secure.
Security in the Microsoft® .NET Framework
Analysis by Foundstone, Inc. and CORE Security Technologies
In this paper, the security aspect of the .NET Framework of Microsoft is analyzed by Foundstone, Inc. and CORE Security Technologies. According to them, the .NET security, if it will be used properly, can provide its practitioners and end-users a secure application from attacks now and in the future. They based their conclusion to the wonderful features that they encounter during the study.
Even though the paper is very technical, this will serve as a very good basis for the succeeding developers for them to develop a more advance and secure versions of the Framework. As to the application developers and administrators, this paper serves can serves as their guide in improving the way the manage applications under such framework to further improve or strengthen their established security.
Even with the many importance of this paper, there are just some points that are a bit surprising to see. Like the statement saying that in there is an assurance with regards to the resistance to common attacks now and in the future. It’s a bit surprising to see that because there are also some writers saying that there is no such thing as secure. Maybe for now, but as to the future, who knows? But if that is really correct, then that is a great lead to the security of the discussed framework.
Which database is more secure? Oracle vs. Microsoft
David Litchfield
Since the paper done by Litchfield examines both of the securities of Oracle and Microsoft database servers. It also tackles or mainly based its comparison to the faults or holes of the two mentioned database servers. As to the result and conclusion of the author with the comparison he made, the Oracle emerge as the less serious contender.
The two mentioned database servers are among the acclaimed servers that are now present on the market. These servers are really maintained by its developers and every hole is patches as fast as they can. Since the MSSQL marks a lead over Oracle. Since the author based its results to the vulnerabilities found on both database servers, there may be a great justification. But as to the assessment of the overall paper, the conclusion may be true, but as to the present, maybe the vulnerabilities are now covered and fixed.