Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Christopher Steel, Ramesh Nagappan, and Ray Lai

As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 8 of Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management written by Christopher Steel, Ramesh Nagappan, and Ray Lai and published by Prentice Hall.

This chapter, "The Alchemy of Security Design–Methodology, Patterns, and Reality Checks," discusses the prescription for a robust security architecture design, which is the alchemy of securing business applications end-to-end at all levels. In particular, it covers the rationale for adopting a security methodology, the process steps of security methodology, and how to create and use security patterns within that methodology. It also looks at how and why to do a security assessment and to adopt a security framework.

Book description:
Core Security Patterns is the hands-on practitioner's guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects today's best practices for security in large-scale, industrial-strength applications. The authors explain the fundamentals of Java application security from the ground up. They then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and 23 proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using smart cards and biometrics. Core Security Patterns covers all of the following and more:

  • What works and what doesn't: J2EE application-security best practices, and common pitfalls to avoid.
  • Implementing key Java platform security features in real-world applications.
  • Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile.
  • Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML.
  • Designing secure personal identification solutions using smart cards and biometrics.
  • Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists.
  • End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications.


This was first published in January 2006
