
Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Application security should be implemented throughout the Java software development life cycle. Learn how to achieve a secure Java SDLC in this free excerpt from Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management.

As a registered member of, you're entitled to a complimentary copy of Chapter 8 of Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management written by Christopher Steel, Ramesh Nagappan, and Ray Lai and published by Prentice Hall.

This chapter, "The Alchemy of Security Design–Methodology, Patterns, and Reality Checks," discusses the prescription for a robust security architecture design, which is the alchemy of securing business applications end-to-end at all levels. In particular, it covers the rationale for adopting a security methodology, the process steps of security methodology, and how to create and use security patterns within that methodology. It also looks at how and why to do a security assessment as well as adopting a security framework.


Book description:
Core Security Patterns is the hands-on practitioner's guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects today's best practices for security in large-scale, industrial-strength applications. The authors explain the fundamentals of Java application security from the ground up. They then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and 23 proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using smart cards and biometrics. Core Security Patterns covers all of the following and more:

  • What works and what doesn't: J2EE application-security best practices, and common pitfalls to avoid.
  • Implementing key Java platform security features in real-world applications.
  • Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile.
  • Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML.
  • Designing secure personal identification solutions using smart cards and biometrics.
  • Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists.
  • End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications.

>> Read "Chapter 8: The Alchemy of Security Design–Methodology, Patterns, and Reality Checks" now.

>> Buy the book
