The Java programming language and environment has many features that facilitate secure programming:

• No pointers, which means that a Java program cannot address arbitrary memory locations in the address space.
  
  
• A bytecode verifier, which operates after compilation on the .class files and checks for security issues before execution. For example, an attempt to access an array element beyond the array size will be rejected. Because buffer overflow attacks are responsible for most system breaches, this is an important security feature.
  
  
• Fine-grained control over resource access for both applets and applications. For example, applets can be restricted from reading from or writing to disk space, or can be authorized to read from only a specific directory. This authorization can be based on who signed the code (see The concept of code signing) and the http address of the code source. These settings appear in a java.policy file.
  
  
• A large number of library functions for all the major cryptographic building blocks and SSL (the topic of this tutorial) and authentication and authorization (discussed in the second tutorial in this series). In addition, numerous third-party libraries are available for additional algorithms.