APPLICATION SECURITY BOOK EXCERPTS
Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management -- Chapter 8
Christopher Steel, Ramesh Nagappan, and Ray Lai
01.12.2006
Rating: -4.20- (out of 5)
As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 8 of Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management written by Christopher Steel, Ramesh Nagappan, and Ray Lai and published by Prentice Hall.
This chapter, "The Alchemy of Security Design–Methodology, Patterns, and Reality Checks," discusses the prescription for a robust security architecture design, which is the alchemy of securing business applications end-to-end at all levels. In particular, it covers the rationale for adopting a security methodology, the process steps of security methodology, and how to create and use security patterns within that methodology. It also looks at how and why to do a security assessment as well as adopting a security framework.
Book description:
Core Security Patterns is the hands-on practitioners guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects today's best practices for security in large-scale, industrial-strength applications.
The authors explain the fundamentals of Java application security from the ground up. They then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and 23 proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using smart cards and biometrics.
Core Security Patterns covers all of the following and more:
- What works and what doesn't: J2EE application-security best practices, and common pitfalls to avoid.
- Implementing key Java platform security features in real-world applications.
- Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile.
- Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML.
- Designing secure personal identification solutions using smart cards and biometrics.
- Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists.
- End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications.
>> Read "Chapter 8: The Alchemy of Security Design–Methodology, Patterns, and Reality Checks" now.
>> Buy the book
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now
to start rating these tips. Log in if you are already a member.
|
 |
 |
| |
RELATED CONTENT
 |
Application Security Book Excerpts |
|
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
|
|
Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
|
|
Ajax Security -- Chapter 6, Transparency in Ajax Applications
|
|
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks
|
|
Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors
|
|
Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis
|
|
Security Metrics: Replacing Fear, Uncertainty, and Doubt -- Chapter 3, Application Security Metrics
|
|
Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership, and Role Management
|
|
Securing JavaServer Faces Applications -- Chapter 15, JavaServer Faces: The Complete Reference
|
|
Hacking for Dummies -- Chapter 16, Web applications
|
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
