![Application Security Recipes for JAVA/JEE: A Problem Solution Approach (Proven Security Guidelines for JAVA Based Application Development)](//coverdb.com/reviewUK/w100/eb2/9781484208304.jpg)
Application Security Recipes for JAVA/JEE: A Problem Solution Approach (Proven Security Guidelines for JAVA Based Application Development)
Madhu Kancharla
Paperback. Apress 2015-12-15.
ISBN 9781484208304
Publisher description
Application Security Recipes for JAVA/JEE: A Problem-Solution Approach teaches how to build a highly secure and hack-resistant system using JAVA technology. This book provides end-to-end application security secrets and solutions. It provides a simplified and easy-to-follow approach to implementing core security requirements (confidentiality, integrity, availability, authentication, authorization and accountability). When you start a new application development cycle, or work on the security aspects of existing legacy applications, you can use the book as a catalog of 'Security Best Practices'. The book content is organized in such a way that you feel you are working on system security at every phase of a software development life cycle (SDLC) in keeping with business requirements.

This book starts its presentation with risk management terminology, because without a fundamental understanding of risk you may fail to define a secure system. The presentation then moves through the following steps in the process: identify and capture security requirements, transform all the identified requirements into a secure design, and then validate the design with threat model concepts.

Thereafter we give a detailed presentation of the 'Java built-in Security Model', secure coding guidelines for Java, a presentation of various input injection attacks and web attacks, controlling injection attacks with input sanitization and output encoding, a detailed presentation of web services (SOAP/REST) security, and validation and verification of all the security controls with 'white-box' and 'black-box' testing. The book then covers how to apply cryptosystem best practices for application development, cloud security and Android security, an introduction to the OWASP TOP 10 Risks for 2014 and the OWASP TOP 10 Mobile Risks for 2014, and finally a discussion of the Spring framework's built-in security module.

The highlights of the book are:
* Input injection attacks & Web injection attack
* Threat modeling
* SOAP and RESTful web services security
* OAuth and SAML protocols
* Android Security & Cloud Security
This book guides you step-by-step through topics using complete and real-world code examples. Instead of theoretical descriptions of complex concepts, you will find live examples in this book. When you start a new project, you can follow the recipes to define end-to-end security aspects of a system.

What you’ll learn
* Importance of risk management and application security
* Core security requirements
* Security design principles
* Input validation and best practices
* Input injection attacks and controls
* Web services security
* Cryptography best practices
* Cloud security principles
* Spring Framework security for authentication and authorization

Who this book is for
Application developers, architects and technical managers who want to learn application security principles and practices. Highly recommended reading for security certifications like CSSLP, CISSP and SANS Certified Java Developer.