Ask the Expert

Java developers need to think about security

Core Security Patterns is an incredible book. Are you seeing any more awareness of security among developers? Security seems like an afterthought in most Java teams that I have worked with, sadly enough.


Thanks for the praise. I fully agree with you; in the last few years security has taken on unprecedented importance in the IT industry. It is growing even more with a lot of attention from IT application architects and developers.

Every day a new breed of business systems is finding its place. Changes to existing systems are becoming very common in the IT industry. Although it is great to see those changes in terms of improving efficiency and cost effectiveness, these improvements are often accompanied by new security risks. These vulnerabilities are related to service interruptions, unauthorized access, the stealing and altering of information, impersonation, the spreading of viruses and so on. As a result, security breaches are increasingly common and businesses are faced with large financial losses, poor consumer confidence and penalties for regulatory compliance. These issues certainly heightened security awareness. And every organization has the ethical and legal responsibility to properly secure information resources with appropriate measures and processes.

From an IT developer perspective, it becomes critical to understand what security represents to us and to know the challenges that are involved with building robust security into business applications from the ground up. It means a developer must adopt an approach that allows implementation of security as a key ingredient throughout the software development life cycle -- right from design and development through post-production operations and until its retirement.

The unfortunate reality, however, is that security today is often treated as a post-deployment event at the end of the development phase, or as a reaction to something going wrong. If you look closely, these problems tend to occur where there are NO proactive security measures in place and security is hardly practiced. To be precise, the proactive security measures of a software development lifecycle should identify potential security flaws and exploits and then address them in terms of the following Four Ws:

  1. Which applications are we protecting?
  2. Where should we protect them?
  3. Why are we protecting them?
  4. Who are we protecting the applications from?

It is critical to identify risks and know how to mitigate them with proven security solutions or trade-off decisions during the design and architecture phases of application development - not at the time of deployment. Core Security Patterns is a guide to implementing security in the software development life cycle using a structured methodology, risk and trade-off analysis and patterns-driven design. The book teaches best practices and defensive strategies, risk verification through reality checks and how to create comprehensive recovery and continuity plans.

This was first published in August 2006.
