Rating: - A definitive guide to enterprise-level application security...
If you're building enterprise-level applications that do *anything* with security, this is a book you need to consider reading... Core Security Patterns - Best Practices and Strategies for J2EE, Web Services, and Identity Management by Christopher Steel, Ramesh Nagappan, and Ray Lai. If you need to know it, it's in here...
Contents:
Part 1 - Introduction: Security by Default; Basics of Security
Part 2 - Java Security Architecture and Technologies: The Java 2 Platform Security; Java Extensible Security Architecture and APIs; J2EE Security Architecture
Part 3 - Web Services Security and Identity Management: Web Services Security - Standards and Technologies; Identity Management Standards and Technologies
Part 4 - Security Design Methodology, Patterns, and Reality Checks: The Alchemy of Security Design - Methodology, Patterns, and Reality Checks;
Part 5 - Design Strategies and Best Practices: Securing the Web Tier - Design Strategies and Best Practices; Securing the Business Tier - Design Strategies and Best Practices; Securing Web Services - Design Strategies and Best Practices; Securing the Identity - Design Strategies and Best Practices; Secure Service Provisioning - Design Strategies and Best Practices
Part 6 - Putting It All Together: Building End-to-End Security Architecture - A Case Study
Part 7 - Personal Identification Using Smart Cards and Biometrics: Secure Personal Identification Strategies Using Smart Cards and Biometrics
Index
With the emphasis on Service Oriented Architecture (SOA) these days, it's likely that you'll be building systems that interact with other systems in ways you may not have envisioned. And it's a given that if someone is trusting you to provide a service, they're also trusting you to make sure that service interaction is secure. Core Security Patterns is an exhaustive volume on security as it relates to J2EE applications, web services, and other associated types of applications that drive today's business. The authors start out each section with a clear explanation of the issues involved in security for that given subject (like web services) and then go on to explain the different technologies that can be used to address those issues. They don't get into deep examination of specific APIs, but they do go into enough code to make a Java developer happy. After all the issues and options are presented, there's a presentation of security patterns that can be applied to a number of application scenarios. The value of patterns is that you can architect your system to take advantage of accumulated wisdom surrounding secure applications, without having to redesign the wheel. You'll still need to implement the design within your application, but the pattern gives you the overall structure you need to consider. With the core patterns found in this book, you shouldn't have to find yourself explaining why a significant security design was flawed.
With software systems handling billions of dollars in transactions each year, the stakes are high to ensure that the system is solid and secure. Not only is the dollar amount at stake incredibly high, the trust that others have in your organization hinges on this key area. Spending money on this book now greatly reduces your chances of spending millions to repair your systems later... Assuming you have an organization left to repair...
Rating: - A true practitioner's guide to J2EE Security
I rushed to buy this book after reading the TOC, and it exceeded my expectations by addressing every Java security feature and how to apply them in real-world J2EE application scenarios. The most compelling thing that impressed me the most is this: the book has a long list of J2EE security best practices and pitfalls, which identifies the DOs and DON'Ts in real-world J2EE implementation and deployment. The best practices and pitfalls described are a must-read for all J2EE developers. It drills in depth into the nitty-gritty details that are usually unexplored in J2EE application design and implementation. The cool thing is that the security patterns plug on top of the existing Core J2EE patterns and then provide implementation strategies illustrating which Java security mechanism must be used. The book also has comprehensive coverage of the principles of security methodology, architecture models, when and how to apply patterns, reality checking and Java security code examples. The book also introduces all required fundamentals and code samples for understanding J2EE and Java security APIs, Web services security, identity and provisioning.
Ultimately, this book is a Java developer's companion for implementing security and truly WORTH A BUY.