%0 Journal Article %1 mjs:Lukas:Java %A Lukas, Georg %D 2015 %K api ds15 java mjsarticle security ssl sslsocket %N 1 %P 506-513 %T Java’s SSLSocket %U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf %V 9 %X Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is »Nightmare!«. This paper will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer

@article{mjs:Lukas:Java, abstract = {Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is »Nightmare!«. This paper will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer}, added-at = {2021-09-19T18:42:17.000+0200}, author = {Lukas, Georg}, biburl = {https://www.bibsonomy.org/bibtex/28d8ecaab06557e922c9352bb24b1153e/steschum}, interhash = {286eded2605f5e9b7a706fa184ccc018}, intrahash = {8d8ecaab06557e922c9352bb24b1153e}, issn = {2192-4260}, journaltitle = {Magdeburger Journal zur Sicherheitsforschung}, keywords = {api ds15 java mjsarticle security ssl sslsocket}, number = 1, pages = {506-513}, subtitle = {How Bad APIs Compromise Security}, timestamp = {2021-10-22T17:15:30.000+0200}, title = {Java’s SSLSocket}, url = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf}, urldate = {2015-03-20}, volume = 9, year = 2015 }