EXPERT RESPONSE
Learning application security development from Java is obviously a great choice. I often emphasize this, because the Java platform was designed with security from ground-up -- including its runtime environment and programming language. With its extensible security architecture, Java provides end-to-end security mechanisms for an application beyond its underlying runtime by ensuring security at all levels including its users, components, services and communication.
In particular, Java provides APIs and mechanisms for applying crytopgraphic techniques, securing communication, authenticating and authorizing application users, securing micro-devices, securing XML Web services, enabling single sign-on and integrating PKI and biometric security providers via smart cards, cryptographic devices and appliances.
From a Java developer perspective, understanding security technologies from Java is much easier and simpler than it is for other programming languages. Because the Java platform facilitates an interoperable, platform-neutral application development and deployment environment, the security development gets further simplified via its standardized API mechanisms and runtime environment.
To learn Java security development, I would start practicing the Java platform security mechanisms and APIs applied to your target application environment. In particular, you should explore how to bake in essential security features such as confidentiality, integrity and availability during application development. Use Java Standard Edition (Java SE) for standalone applications, Java Micro Edition (Java ME) for consumer micro devices and embedded systems and Java Enterprise Edition (Java EE) for enterprise-class applications. Understanding the basic Java security mechanisms would definitely allow a developer to solve critical application-level security requirements.
To gain expertise, I would strongly suggest adopting a proactive and holistic approach in your security development process. Do this by practicing the use of security patterns and implementation strategies, and understanding the best practices and pitfalls related to your target application environment. As a result, this expertise also would help when building robust application security using proactive and best practices based approaches -- and also pave the way for a successful application security career.
More information:
|
