Application Security Recipes for JAVA/JEE: A Problem Solution Approach (Proven Security Guidelines for JAVA Based Application Development)

https://www.ebooknetworking.net/books_detail-1484208307.html

Book Details

Publisher: Apress
ISBN / ASIN: 1484208307
ISBN-13: 9781484208304
Sales Rank: 5,971,147
Marketplace: United States 🇺🇸

Description

Application Security Recipes for JAVA/JEE: A Problem-Solution Approach teaches how to build a highly secure and hack-resistant system using JAVA technology. This book provides end-to-end application security secrets and solutions. It provides a simplified and easy-to-follow approach to implementing core security requirements (confidentiality, integrity, availability, authentication, authorization and accountability). When you start a new application development cycle, or are working on the security aspects of existing legacy applications, you can use the book as a catalog of ‘Security Best Practices’. The book content is organized in such a way that you feel you are working on system security at every phase of a software development life cycle (SDLC) in keeping with business requirements.

This book starts with risk management terminology, because without a fundamental understanding of risk you may fail to define a secure system. The presentation then moves through the following topics: identifying and capturing security requirements, transforming all the identified requirements into a secure design, and then validating the design with threat model concepts. Thereafter we give a detailed presentation of the ‘Java built-in Security Model’; secure coding guidelines for Java; a presentation of various input injection attacks and web attacks; control of injection attacks with input sanitization and output encoding; a detailed presentation of web services (SOAP/REST) security; and validation and verification of all the security controls with ‘white-box’ and ‘black-box’ testing. The book then covers how to apply cryptosystem best practices for application development, presents cloud security and Android security, introduces the OWASP TOP 10 Risks for 2014 and the OWASP TOP 10 Mobile Risks for 2014, and finally discusses the Spring framework's built-in security module. The highlights of the book are:

• Input injection attacks & Web injection attacks

• Threat modeling

• SOAP and RESTful web services security

• OAuth and SAML protocols

• Android Security & Cloud Security

This book guides you step by step through topics using complete, real-world code examples. Instead of theoretical descriptions of complex concepts, you will find live examples in this book. When you start a new project, you can follow the recipes to define end-to-end security aspects of a system.

What you’ll learn

  • Importance of risk management and application security
  • Core security requirements
  • Security design principles
  • Input validation and best practices
  • Input injection attacks and controls
  • Web services security
  • Cryptography best practices
  • Cloud security principles
  • Spring Framework security for authentication and authorization

Who this book is for

  • Application developers, architects and technical managers who want to learn application security principles and practices.
  • Highly recommended read for security certifications like CSSLP, CISSP and SANS Certified Java Developer.
