About to start my real first Java project to learn the language in-depth: a virtual ATM featuring a GUI and a networking system for the transmission of banking data to and from a server. Since I particularly care about security this will surely help me get a better understanding of everything involved. Wish me luck.

Good luck! Sounds like a cool project.

Funny. You say you will use Java. And in then you say security?
Yoy should decide if you want Java or security. They don't mix well.

@krister-alm Would love to hear the reasoning behind that claim.

@makenshi I hate knowing this since Java is the language I am most proficent in currently but I have heard about security issues with Java as well. For one almost all Java bytecode can be decompiled into class files. If someone can read your code for a banking system it makes it much easier to exploit https://bitbucket.org/mstrobel/...

@Axis Security by obscurity isn't that good anyway. There are clever ways to do security, and the devs of the popular cryptography libraries have a big chunk of it figured out. Encryption and physical restrictions (that is, no exposed USB ports on ATMs) and it should be good.

@Axis by that logic windows is the most secure os because no one has access to the code and Linux is the least secure because anyone can access it right?

@krister-alm Well, this still won't prevent me from learning about both. Learning about Java vulnerabilities is good too, but to do so first hand experience and research are needed.

@ryanmhoffman no that is not the case. I mean are you really trying to compare my point about an application to an entire OS and Linux is just a kernel lol. Applications generally do not have codebases as large as the Linux kernel or Mac os or windows. But I would still say someone who knows what they are doing can try to find logical flaws in code that lead to exploits. If it weren't for the fact that they were patched instead of exploited there would have been a few Linux exploits that came from someone just simply reading the code. Being able to read the code isn't end all be all but it does give attackers more information to work with and for exploits knowledge is power.

@Axis I know Linux is a kernel. Technically windows is a kernel too. My point was that just because you can see the code or decompile it to class files as is the case with Java does not mean it is unsafe. If someone decompiles my java program and exploits it then it is my fault for leaving the exploit not Java's.

Any exploit that can be quickly patched is the developers error, not the language used.

@ryanmhoffman ah now I see your point and it's totally fair. I just think if I were a hacker and I was trying to bypass some system. In one case I don't have the code and everything is a black box to me where in another case I can decompiled and see the code. I just think it is another advantage for them to use but you are completely correct even decompilable (is that a word?) applications if written correctly should still not be exploitable.

@ryanmhoffman Then Java itself wouldn't need so many security pathes (yet it does get them).
I don't blame our code. Problem is within Java itself.

@krister-alm like all good developers: blame the tools!

@krister-alm and all good software needs security patches. Security is not something you implement and then it's done. Security isn't static so if you don't update and patch then it's insecure. That goes for every language app os kernel or any software in general.

Basically java becomes more secure with every patch. Not less.

@ryanmhoffman Java and that ms-dialect they call c# are the only languages i have problem with.
I gladly use pascal, c, c++, D, assembler, python, rust etc...

@TheItalianGuy sorry for hijacking your rant!! Good luck on your project!

@ryanmhoffman No worries. Thank you! :)