By Christopher Steel, Ramesh Nagappan, Ray Lai
Praise for Core Security Patterns
"Java provides the application developer with essential security mechanisms and support in avoiding critical security bugs common in other languages. A language, however, can only go so far. The developer must understand the security requirements of the application and how to use the features Java provides in order to meet those requirements. Core Security Patterns addresses both aspects of security and will be a guide to developers everywhere in creating more secure applications."
--Whitfield Diffie, inventor of Public-Key Cryptography
"A comprehensive book on security patterns, which are critical for secure programming."
--Li Gong, former Chief Java Security Architect, Sun Microsystems, and coauthor of Inside Java 2 Platform Security
"As developers of existing applications, or future innovators that will drive the next generation of highly distributed applications, the patterns and best practices outlined in this book will be an important asset to your development efforts."
--Joe Uniejewski, Chief Technology Officer and Senior Vice President, RSA Security, Inc.
"This book makes an important case for taking a proactive approach to security rather than relying on the reactive security approach common in the software industry."
--Judy Lin, Executive Vice President, VeriSign, Inc.
"Core Security Patterns provides a comprehensive patterns-driven approach and methodology for effectively incorporating security into your applications. I recommend that every application developer keep a copy of this indispensable security reference by their side."
--Bill Hamilton, author of ADO.NET Cookbook, ADO.NET in a Nutshell, and NUnit Pocket Reference
"As a trusted advisor, this book will serve as a Java developer's security handbook, providing applied patterns and design strategies for securing Java applications."
--Shaheen Nasirudheen, CISSP, Senior Technology Officer, JPMorgan Chase
"Like Core J2EE Patterns, this book delivers a proactive and patterns-driven approach for designing end-to-end security in your applications. Leveraging the authors' strong security experience, they created a vital book for any designer/developer looking to create secure applications."
--John Crupi, Distinguished Engineer, Sun Microsystems, coauthor of Core J2EE Patterns
Core Security Patterns is the hands-on practitioner's guide to building robust end-to-end security into J2EE™ enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects today's best practices for security in large-scale, industrial-strength applications.
The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and twenty-three proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME™ applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using Smart Cards and Biometrics.
Core Security Patterns covers all of the following, and more:
- What works and what doesn't: J2EE application-security best practices, and common pitfalls to avoid
- Implementing key Java platform security features in real-world applications
- Establishing Web services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic Security Profile
- Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML
- Designing secure personal identification solutions using Smart Cards and Biometrics
- Security design methodology, patterns, best practices, reality checks, defensive strategies, and assessment checklists
- End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications