Threat Post

Old Attack Exploits New Java Reflection API Flaw

Researchers have discovered a new vulnerability in the Java Reflection API that can be exploited by a decade-old attack. No Java component has had a bigger bull’s eye on its back this year than the ...
Threat Post

Java Reflection API Woes Resurface in Latest Oracle Patches

Oracle’s Critical Patch update addresses 154 vulnerabilities, many of which are remotely exploitable. Security Explorations of Poland, meanwhile, published details on a number of Java flaws in the ...
IEEE

Challenges for Static Analysis of Java Reflection - Literature Review and Empirical Study

Abstract: The behavior of software that uses the Java Reflection API is fundamentally hard to predict by analyzing code. Only recent static analysis approaches can resolve reflection under unsound yet ...
InfoWorld

Book Review: Java Reflection in Action

The book Java Reflection in Action was published in 2004, but remains largely applicable eight years later. In this post, I review this book and cover its strengths and its weaknesses. In general, age ...
Bitdefender

Zero-Day Flaws in Java Re-Emerge; No Exploitation in the Wild Yet

Two new security flaws have been detected in the latest version of Java 7 (Update 15) by security researchers at Polish company Security Explorations. According to their account, the security issues ...
InfoWorld

Reflection vs. code generation

Data marshaling (pulling data from an outside source and loading it into a Java object) can utilize the benefits of reflection to create a reusable solution. The problem is simple enough: load data ...