Repost: Core Security Patterns: Best Practices and Strategies for J2EE(TM), by Christopher Steel
Prentice Hall Ptr (October 14, 2005) | ISBN: 0131463071 | CHM | 7.24 Mb | 1088 pages | English
Core Security Patterns is the hands-on practitioner™s guide to building robust end-to-end security into J2EE™ enterprise applications, Web services, identity management, service provisioning, and personal identification solutions.
The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and twenty-three proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME™ applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using Smart Cards and Biometrics.
Core Security Patterns covers all of the following, and more:
— What works and what doesn™t: J2EE application-security best practices, and common pitfalls to avoid
— Implementing key Java platform security features in real-world applications
— Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile
— Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML
— Designing secure personal identification solutions using Smart Cards and Biometrics
— Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists
— End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications