Q

Java developers need to think about security

Security exploits in Java-based applications are increasingly common. Expert Ramesh Nagappan explains how to counter these threats with secure development practices.

Core Security Patterns is an incredible book. Are you seeing any more awareness of security among developers? Security seems like an afterthought in most Java teams that I have worked with, sadly enough.

Thanks for the praise. I fully agree with you; in the last few years security has taken on unprecedented importance in the IT industry. It is growing even more with a lot of attention from IT application architects and developers.

Every day a new breed of business systems is finding its place. Changes to existing systems are becoming very common in the IT industry. Although it is great to see those changes in terms of improving efficiency and cost effectiveness, these improvements are often accompanied by new security risks. These vulnerabilities are related to service interruptions, unauthorized access, the stealing and altering of information, impersonation, the spreading of viruses and so on. As a result, security breaches are increasingly common and businesses are faced with large financial losses, poor consumer confidence and penalties for regulatory compliance. These issues have certainly heightened security awareness. And every organization has the ethical and legal responsibility to properly secure information resources with appropriate measures and processes.

From an IT developer perspective, it becomes critical to understand what security represents to us and to know the challenges that are involved with building robust security into business applications from the ground up. It means a developer must adopt an approach that allows implementation of security as a key ingredient throughout the software development life cycle -- right from design and development through post-production operations and until its retirement.

The unfortunate reality, however, is that security today is often treated as a post-deployment event at the end of the development phase, or as a reaction to something going wrong. If you look closely, these problems tend to occur commonly where there are NO proactive security measures in place and security is hardly practiced. To be precise, the proactive security measures of a software development lifecycle should identify potential security flaws and exploits and then address them in terms of the following Four Ws:

  1. Which applications are we protecting?
  2. Where should we protect them?
  3. Why are we protecting them?
  4. Who are we protecting the applications from?

It is critical to identify risks and know how to mitigate them with proven security solutions or trade-off decisions during the design and architecture phases of an application development - not at the time of deployment. Core Security Patterns is a guide to implementing security in the software development life cycle using a structured methodology, risk and trade-off analysis and patterns-driven design. The book teaches best practices and defensive strategies, risk verification through reality checks and how to create comprehensive recovery and continuity plans.

More information:
  • Steps you can take now to begin building in software security
  • Featured Topic: Integrating security into the SDLC
  • Demystifying Java platform security – Part 1

This was first published in August 2006.
