Java is considered more secure than any other language because of its bytecode facility. Java applet\'s bytecode is dynamically downloaded over the network instead of the .exe file and executed by the JVM in the browser. So there is no overhead of virus or currepted file, because the JVM also checks the length of the bytecode. Security Implementation Mechanisms : * Java Authentication and Authorization Service (JAAS). * Java Generic Security Services (Java GSS-API). * Java Cryptography Extension (JCE). * Java Secure Sockets Extension (JSSE). * Simple Authentication and Security Layer (SASL). Java security services are separate from the security mechanisms of the operating system. Java provides security at various layers: * Application-Layer Security : At the application layer, application firewalls can be employed to enhance application protection by protecting the communication stream and all associated application resources from attacks. * Transport-Layer Security : Transport-layer security relies on secure HTTP transport (HTTPS) using Secure Sockets Layer (SSL). Transport security is a point-to-point security mechanism that can be used for authentication, message integrity, and confidentiality. * Message-Layer Security : In message-layer security, security information is contained within the SOAP message and/or SOAP message attachment, which allows security information to travel along with the message or attachment.