A Tutorial on Java Socket Programming and Source Code Analysis

The book is organized into two modules: In the first module we present a tutorial on socket programming in Java illustrating complete examples for simplex and duplex communications with both connectionless datagram and connection-oriented stream-mode sockets. In addition this module explains in detail with examples the differences between a concurrent server and iterative server and the use of the Multicast socket API. In the second module we present the source code analysis of a file reader connection-oriented server socket Java program to illustrate the identification impact analysis and solutions to remove the following important software security vulnerabilities: (1) Resource Injection (2) Path Manipulation (3) System Information Leak (4) Denial of Service and (5) Unreleased Resource vulnerabilities. We analyze the reason for these vulnerabilities to occur in the program discuss the impact of leaving them unattended and propose solutions to remove each of these vulnerabilities from the program. The proposed solutions are very generic in nature and can be suitably modified to correct any such vulnerabilities in software developed in any other programming language.