Explore the evolving landscape of Java vulnerabilities and exploitation techniques in this Black Hat USA 2013 conference talk. Delve into the security challenges faced by Oracle Java over a three-year period, examining vulnerability trends, attack surfaces, and the shift from classic memory corruption issues to abuses of the reflection API. Gain insights into the top five vulnerability types submitted to the Zero Day Initiative (ZDI) program, and learn about specific weaknesses in Java sub-components. Analyze how attackers and exploit kit authors leverage these vulnerabilities, and discover the techniques used in the Pwn2Own competition. Understand Oracle's response to recent security issues and the steps taken to address them. Equip yourself with valuable knowledge for vulnerability research and auditing of Java components in this comprehensive exploration of Java security.