Because of the popularity of Java in the enterprise application development market, securing Java code against compromise is vital to safeguarding an organization's software and data assets from potential internal and external threats
San Francisco (PRWEB) April 20, 2009
(RSA Conference Booth #358) Arxan Technologies®, a leading provider of application hardening solutions that protect software applications from attacks to minimize risk to code and intellectual property (IP), today announced forthcoming software protection for Java applications.
Java application development has become the most widely adopted platform for web and enterprise applications. Specifically, Java is used to build IP-intensive thick client applications such as banking clients, social networking clients and massively multiplayer online role-playing game (MMORPG) clients; and in software powered devices such as routers, embedded controllers, firewall devices and digital media devices. Along with Java's portability, which is a result of an efficient framework, Java's ease of development, cross-platform support and increasing performance are all factors driving Java adoption.
As malware moves up the stack to the application layer, insider attacks continue to rise and IP embedded in the application is targeted by hackers. Being an interpreted language, Java's highly structured bytecode file format and simple instruction set make it easy to reverse-engineer, tamper and pirate. In particular, ease of Java code analysis enables rapid vulnerability discovery, which accelerates the development of damaging malware.
"Because of the popularity of Java in the enterprise application development market, securing Java code against compromise is vital to safeguarding an organization's software and data assets from potential internal and external threats," said Nick Selby, vice president and Research Director for Enterprise Security at industry analyst firm, The 451 Group. "Arxan's products like GuardIT for Java seek to employ multiple methods to help protect against exploits that threaten to compromise web, desktop and enterprise applications and licensed software."
Threats against Java code include:
- Reverse engineering of the application and then decompilation of the code for IP theft and discovery of critical routines that can be found and exploited
- Easy decompilation of Java code from to low-cost or free Java decompilers that automatically process bytecode to produce readable source code for direct code modification
- Patching thick client binaries to bypass authentication logic or exploit restricted functionality in client code to enable attacks on the server
- Server attacks from the identification of key and authentication credentials for theft or abuse
Arxan is expanding its GuardIT family of software protection products to include GuardIT for Java. GuardIT for Java addresses customer needs for application protection against threats specific to interpreted code and specifically Java applications.
Application hardening technologies used by Arxan's GuardIT for Java protection framework include:
- Multi-defense approach with both string encryption and renaming
- Strong bytecode-level obfuscation and secure class loading for significant protection.
- Will provide real-time alerts of attempted system compromise
- Will enable the application to dynamically and intelligently react to attempted attacks, for example through self-healing code
- Strengthen security through configuration options for the privacy of debugging information
"Enterprises require greater protection for Java applications, which are the backbone of industry in order to thwart hackers and protect against unauthorized access to the embedded source code and intellectual property," said Mike Dager, chief executive officer, Arxan Technologies. "We are excited about expanding the scope of our application security and hardening offerings to encompass Java applications. GuardIT for Java delivers a customizable level of protection to safeguard IP at the application level and minimizes the risk of an attack."
Arxan's GuardIT is the only platform that provides comprehensive and best-of-breed protection for native, managed and interpreted code. GuardIT's protection deeply and intricately binds these segments together in mixed-mode binaries, ensuring durable protection without high performance impact, and without affecting the software development process itself. In addition to Java protection, GuardIT also protects .NET, Windows and Linux applications in both 32-bit and 64-bit architectures.
About Arxan Technologies, Inc.
Arxan Technologies Inc. is a leading provider of application hardening solutions that protect software applications from attacks to minimize risk to code and intellectual property. Our advanced software protection solutions secure enterprises, ISVs and digital media providers against unauthorized use, malware insertion, piracy, and reverse engineering of intellectual property. Our products defend, detect and react to attacks through a threat-based, customizable approach that is proven, easy to use and non-disruptive. Arxan supports a full range of application protection needs, from commercial software to military grade assurance. The government relies on Arxan Defense Systems to deliver a best-of-breed anti-tamper platform to protect critical program information. Founded in 2001, Arxan Technologies has offices in Bethesda, MD, San Francisco, CA and West Lafayette, IN. For more information, please visit http://www.arxan.com.