Java developers need to think about security

Thanks for the praise. I fully agree with you, in the last few years security has taken unprecedented importance in the IT industry. It is growing even more with a lot of attention from IT application architects and developers.

Every day a new breed of business systems is finding its place. Changes to existing systems are becoming very common in the IT industry. Although it is great to see those changes in terms of improving efficiency and cost effectiveness, these improvements are often accompanied by new security risks. These vulnerabilities are related to service interruptions, unauthorized access, the stealing and altering of information, impersonation, the spreading of viruses and so on. As a result, security breaches are increasingly common and businesses are faced with large financial losses, poor consumer confidence and penalties for regulatory compliance. These issues certainly heightened security awareness. And every organization has the ethical and legal responsibility to properly secure information resources with appropriate measures and processes.

From an IT developer perspective, it becomes critical to understand what security represents to us and to know the challenges that are involved with building robust security into business applications from the ground up. It means a developer must adopt an approach that allows implementation of security as a key ingredient throughout the software development life cycle -- right from design and development through post-production operations and till its retirement.

The unfortunate reality, however, is that security today is often treated as a post-deployment event at the end of the development phase, or as a reaction to something going wrong. If you look closely, these problems tends to occur commonly where there are NO proactive security measures in place and security is hardly practiced. To be precise, the proactive security measures of a software development lifecycle should identify potential security flaws and exploits and then address them in terms of the following Four Ws:

1. Which applications are we protecting ?
2. Where should we protect them?
3. Why are we protecting them?
4. Who are we protecting the applications from?

It is critical to identify risks and know how to mitigate them with proven security solutions or trade-off decisions during the design and architecture phases of a application development - not at the time of deployment. Core Security Patterns is a guide to implementing security in the software development life cycle using a structured methodology, risks and trade-off analysis and patterns-driven design. The book teaches best practices and defensive strategies, risk verification through reality checks and how to create comprehensive recovery and continuity plans.