Home > Ask the Software Quality Experts > Application Security Questions & Answers > Beginning a Java security career
Ask The Software Quality Expert: Questions & Answers
EMAIL THIS

Beginning a Java security career

Ramesh Nagappan EXPERT RESPONSE FROM: Ramesh Nagappan

Pose a Question
Other Software Quality Categories
Meet all Software Quality Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 18 December 2006
Though I am not a beginner in Java, I recently got interested in Java security. What should I be learning in order to get a job in Java security? Is there anything in particular that could lead me to a career in this area?

>

Learning application security development from Java is obviously a great choice. I often emphasize this, because the Java platform was designed with security from ground-up -- including its runtime environment and programming language. With its extensible security architecture, Java provides end-to-end security mechanisms for an application beyond its underlying runtime by ensuring security at all levels including its users, components, services and communication.

In particular, Java provides APIs and mechanisms for applying crytopgraphic techniques, securing communication, authenticating and authorizing application users, securing micro-devices, securing XML Web services, enabling single sign-on and integrating PKI and biometric security providers via smart cards, cryptographic devices and appliances.

From a Java developer perspective, understanding security technologies from Java is much easier and simpler than it is for other programming languages. Because the Java platform facilitates an interoperable, platform-neutral application development and deployment environment, the security development gets further simplified via its standardized API mechanisms and runtime environment.

To learn Java security development, I would start practicing the Java platform security mechanisms and APIs applied to your target application environment. In particular, you should explore how to bake in essential security features such as confidentiality, integrity and availability during application development. Use Java Standard Edition (Java SE) for standalone applications, Java Micro Edition (Java ME) for consumer micro devices and embedded systems and Java Enterprise Edition (Java EE) for enterprise-class applications. Understanding the basic Java security mechanisms would definitely allow a developer to solve critical application-level security requirements.

To gain expertise, I would strongly suggest adopting a proactive and holistic approach in your security development process. Do this by practicing the use of security patterns and implementation strategies, and understanding the best practices and pitfalls related to your target application environment. As a result, this expertise also would help when building robust application security using proactive and best practices based approaches -- and also pave the way for a successful application security career.

More information:


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
The basics
Developers get bigger role in software quality, security

Hiring, mentoring and training for software projects
Is your software test team rigorously incompetent?
Advice on how to enter the software technology field
Optimizing project management using text messaging, IMs, and Skype
How to get a software testing job in a recession
Does Microsoft offer an international testing certification?
How to handle IT project management in a recession
How teams transition to agile development methodologies
Do security certifications really matter? Yes, really
Cutting staff for a more agile software development team
Software development lifecycle (SDLC) trends 2009: Requirements, agile

Building security into the SDLC (Software development life cycle)
Problems caused by skipping analysis stage of SDLC
Inexpensive phase of SDLC to catch and fix bugs
GatherSpace beefs up cloud-based requirements management
ALM: Best of breed vs. complete systems
Software development life cycle phases, iterations, explained step by step
The role of quality assurance (QA) pros in software security
Common software security risks and oversights
Why the quality assurance department should be involved in testing
How to develop secure applications
Secure software development practices 'not rocket science'

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Project Management Professional (PMP)  (SearchSoftwareQuality.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Software Quality - Software Maintenance, Software Requirements, Software Standards
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts