Java for Cyber Security

Master Java for enterprise security - deserialization attacks, web security, network programming, and Android security testing.

Why Java for Security

Java powers enterprise applications, Android devices, and big data platforms worldwide. Understanding Java security is essential for testing enterprise environments and Android applications.

  • Enterprise dominance - Banks, governments, and Fortune 500 companies run on Java.
  • Android development - Android apps are built with Java/Kotlin. Security testing requires Java knowledge.
  • Deserialization attacks - Java deserialization vulnerabilities are among the most impactful in enterprise.
  • Burp Suite extensions - Burp Suite is written in Java. Extensions use the Java API.
  • Metasploit payloads - Many payloads and listeners use Java.
Note

Java's memory management and sandbox model provide built-in protections, but deserialization, reflection, and JNDI injection create significant attack vectors.

Java Basics

java
import java.io.*;
import java.net.*;
import java.util.*;

public class SecurityTools {
    // HashMap for service mapping
    static Map<Integer, String> services = new HashMap<>();

    static {
        services.put(21, "FTP");
        services.put(22, "SSH");
        services.put(80, "HTTP");
        services.put(443, "HTTPS");
        services.put(3306, "MySQL");
    }

    // Check if port is open
    public static boolean isPortOpen(String host, int port, int timeout) {
        try {
            Socket socket = new Socket();
            socket.connect(new InetSocketAddress(host, port), timeout);
            socket.close();
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    // Banner grabbing
    public static String grabBanner(String host, int port) {
        try {
            Socket socket = new Socket(host, port);
            BufferedReader reader = new BufferedReader(
                new InputStreamReader(socket.getInputStream()));
            String banner = reader.readLine();
            socket.close();
            return banner;
        } catch (IOException e) {
            return "Unknown";
        }
    }

    public static void main(String[] args) {
        String target = args.length > 0 ? args[0] : "127.0.0.1";
        for (int port : services.keySet()) {
            if (isPortOpen(target, port, 2000)) {
                System.out.println("[+] Port " + port + ": " + services.get(port));
            }
        }
    }
}

OOP for Security

java
import java.util.*;

// Abstract scanner interface
interface SecurityScanner {
    void scan(String target);
    String getScannerName();
    default void log(String msg) {
        System.out.println("[" + getScannerName() + "] " + msg);
    }
}

// Port scanner implementation
class PortScanner implements SecurityScanner {
    private int startPort, endPort;

    public PortScanner(int start, int end) {
        this.startPort = start;
        this.endPort = end;
    }

    public void scan(String target) {
        log("Scanning ports " + startPort + "-" + endPort);
        for (int port = startPort; port <= endPort; port++) {
            try {
                new Socket(target, port).close();
                log("Port " + port + " OPEN");
            } catch (IOException e) { /* closed */ }
        }
    }

    public String getScannerName() { return "PortScanner"; }
}

// Vulnerability scanner
class VulnScanner implements SecurityScanner {
    private List<String> payloads = Arrays.asList(
        "' OR 1=1--", "<script>alert(1)</script>",
        "{{7*7}}", "../../../etc/passwd"
    );

    public void scan(String target) {
        log("Testing " + payloads.size() + " payloads on " + target);
        for (String payload : payloads) {
            log("Testing: " + payload);
        }
    }

    public String getScannerName() { return "VulnScanner"; }
}

Socket Programming

java - HTTPClient.java
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;

public class WebSecurityTester {
    private static final HttpClient client = HttpClient.newHttpClient();

    // Test for directory listing
    public static void checkDirectoryListing(String baseUrl) throws Exception {
        String[] paths = {"/admin", "/backup", "/uploads", "/.git"};

        for (String path : paths) {
            HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create(baseUrl + path))
                .timeout(java.time.Duration.ofSeconds(5))
                .build();

            HttpResponse<String> response = client.send(request,
                HttpResponse.BodyHandlers.ofString());

            if (response.statusCode() == 200) {
                if (response.body().contains("Index of") ||
                    response.body().contains("Directory listing")) {
                    System.out.println("[!] Directory listing: " + baseUrl + path);
                }
            }
        }
    }

    // Check security headers
    public static void checkHeaders(String url) throws Exception {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create(url)).build();
        HttpResponse<String> response = client.send(request,
            HttpResponse.BodyHandlers.ofString());

        String[] requiredHeaders = {
            "X-Frame-Options", "X-Content-Type-Options",
            "Strict-Transport-Security", "Content-Security-Policy"
        };

        for (String header : requiredHeaders) {
            if (response.headers().firstValue(header).isEmpty()) {
                System.out.println("[!] Missing: " + header);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        checkHeaders("https://example.com");
        checkDirectoryListing("https://example.com");
    }
}

Java Deserialization Attacks

Java deserialization vulnerabilities occur when untrusted data is deserialized, allowing attackers to execute arbitrary code.

Critical Vulnerability

Java deserialization vulnerabilities have led to Remote Code Execution (RCE) in major products like WebLogic, JBoss, Jenkins, and Apache Struts.

java - vulnerable_code.java
import java.io.*;

// VULNERABLE: Deserializing untrusted data
public class VulnerableApp {
    public static Object deserialize(byte[] data) throws Exception {
        ByteArrayInputStream bis = new ByteArrayInputStream(data);
        ObjectInputStream ois = new ObjectInputStream(bis);
        return ois.readObject();  // DANGEROUS!
    }

    // SAFE: Use serialization filters (Java 9+)
    public static Object safeDeserialize(byte[] data) throws Exception {
        ObjectInputStream ois = new ObjectInputStream(
            new ByteArrayInputStream(data)) {
            @Override
            protected ObjectInputStream.FilterResolver resolveObjectStreamClass(
                ObjectStreamClass desc) throws IOException {
                // Only allow safe classes
                if (!desc.getName().startsWith("com.myapp.")) {
                    throw new InvalidClassException("Blocked: " + desc.getName());
                }
                return super.resolveObjectStreamClass(desc);
            }
        };
        return ois.readObject();
    }
}

// Attack payload concept (uses ysoserial)
// java -jar ysoserial.jar CommonsCollections1 "calc.exe" > payload.bin
// Send payload.bin to the vulnerable endpoint

Android Security Intro

java - AndroidSecurity.java
// Common Android security issues to test
// 1. Insecure data storage
// Check: /data/data/com.app/shared_prefs/
// Check: /data/data/com.app/databases/
// Check: /data/data/com.app/files/

// 2. Insecure network communication
// Check AndroidManifest.xml for:
// - android:usesCleartextTraffic="true"
// - Missing network_security_config.xml
// - Missing Certificate Pinning

// 3. Exported components
// Check AndroidManifest.xml for:
// - android:exported="true"
// - Intent filters without permissions

// 4. Hardcoded secrets
// Search for: API keys, passwords, tokens
// Command: grep -rn "api_key\|password\|secret" smali/

// ADB commands for Android security testing
// adb shell run-as com.app cat /data/data/com.app/shared_prefs/config.xml
// adb shell dumpsys package com.app | grep -A5 "Activity"
// adb logcat | grep -i "security\|auth\|token"

Resources