Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Sun Core Series)

	List Price: $64.99 Computers-Internet Price: $40.94 Your Savings: $ 24.05 ( 37% ) Subject To Change Without Notice Availability: Usually ships in 24 hours Manufacturer: Prentice Hall PTR
Average Customer Rating:
Binding: Hardcover Dewey Decimal Number: 005.8 EAN: 9780131463073 ISBN: 0131463071 Label: Prentice Hall PTR Manufacturer: Prentice Hall PTR Number Of Items: 1 Number Of Pages: 1088 Publication Date: 2005-10-24 Publisher: Prentice Hall PTR Studio: Prentice Hall PTR
Related Items Core J2EE Patterns: Best Practices and Design Strategies (2nd Edition) (Sun Core Series) Java Concurrency in Practice Spring in Action Java Persistence with Hibernate RESTful Web Services
Editorial Reviews: Praise for Core Security Patterns Java provides the application developer with essential security mechanisms and support in avoiding critical security bugs common in other languages. A language, however, can only go so far. The developer must understand the security requirements of the application and how to use the features Java provides in order to meet those requirements. Core Security Patterns addresses both aspects of security and will be a guide to developers everywhere in creating more secure applications. --Whitfield Diffie, inventor of Public-Key Cryptography A comprehensive book on Security Patterns, which are critical for secure programming. --Li Gong, former Chief Java Security Architect, Sun Microsystems, and coauthor of Inside Java 2 Platform Security As developers of existing applications, or future innovators that will drive the next generation of highly distributed applications, the patterns and best practices outlined in this book will be an important asset to your development efforts. --Joe Uniejewski, Chief Technology Officer and Senior Vice President, RSA Security, Inc.This book makes an important case for taking a proactive approach to security rather than relying on the reactive security approach common in the software industry. --Judy Lin, Executive Vice President, VeriSign, Inc. Core Security Patterns provides a comprehensive patterns-driven approach and methodology for effectively incorporating security into your applications. I recommend that every application developer keep a copy of this indispensable security reference by their side. --Bill Hamilton, author of ADO.NET Cookbook, ADO.NET in a Nutshell, and NUnit Pocket Reference As a trusted advisor, this book will serve as a Java developers security handbook, providing applied patterns and design strategies for securing Java applications. --Shaheen Nasirudheen, CISSP,Senior Technology Officer, JPMorgan Chase Like Core J2EE Patterns, this book delivers a proactive and patterns-driven approach for designing end-to-end security in your applications. Leveraging the authors strong security experience, they created a must-have book for any designer/developer looking to create secure applications.- -John Crupi, Distinguished Engineer, Sun Microsystems, coauthor of Core J2EE Patterns Core Security Patterns is the hands-on practitioners guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects todays best practices for security in large-scale, industrial-strength applications. The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and twenty-three proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code.They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using Smart Cards and Biometrics. Core Security Patterns covers all of the following, and more: *What works and what doesnt: J2EE application-security best practices, and common pitfalls to avoid*Implementing key Java platform security features in real-world applications*Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile*Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML*Designing secure personal identification solutions using Smart Cards and Biometrics*Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists*End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications
Spotlight customer reviews: Customer Rating: Summary: Very practical security book for java architects Comment: This is a great book - by far the best security design book for Java and J2EE I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the bestpractices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, You will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications. This book is as close to size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right in to the application design..which is just right for an experienced developer but a budding developer may find it uncomfortable. Having said that, I prefer this book as a must-have for any serious J2EE developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way and not just HOW. Ultimately you will find this book as an onestop reference for building security in J2EE applications. Customer Rating: Summary: Excellent Security Book for Java/J2EE Programmers and Architects Comment: This is a very comprehensive, well written and well-organized guide for securing Java and J2EE. Yes, it has everything - all done well - definitely worth a buy. If you are into Java based applications development and planning to work on application security assessment, development, testing ....and planning to live by it every day, you will learn a lot from this book, to re-evaluate the things with patterns and best-practices, and to genuinely improve your results knowing the pitfalls. If you are a Java applications developer, this book *will* help you guide with Java security mechanisms and where and apply them for building secure applications. If you are a security enthusiast, you will genuinely enjoy the time spent with this book, and you will find this brick handy more often than previously imagined. I strongly recommend this book for budding and experienced Java developers/architects who are involved with Java applications development, J2EE based web applications and web services. This book covers security mechanisms including Java 6 and Java EE5. Customer Rating: Summary: Poorly written Comment: Our book discussion group selected this book to review. Unfortunately after a couple months we agreed the value of this book was not sufficient to continue reading and discussing it. (We gave up in Chapter 9 - after skipping chapters 5, 6 and 7 because too many of the group were losing patience and wanted to get deeper into the book where we might find something of value.) Many interesting subjects are touched on, but nothing has enough depth to be of serious value. This is further hampered by poor writing and editing. There is a fair amount of "duplication" in this book where the same "nothing" is sometimes repeated. The code snippets are weak and not of much value. The bottom line is that while the subject is very interesting, the presentation in this book is so poor that it doesn't justify reading 1000+ dull pages. This book doesn't seem to have a target audience, it's too high level for developers, but gets into too low level details for management. It fails to be a good technical reference and at the same time fails as a concise overview to educate management decision makers. (Hint for authors: if your audience is management, keep it brief and to the point, management doesn't have time to read page after page of trivial commentary. If your audience is developers, the book needs to deliver solid technical information.) Customer Rating: Summary: Security design overview Comment: I prefer to be short.This book met my expectations. It is a good overview on latest the security designs. It doesn't go into the unnecessary details. It gave me some good ideas on my latest security system implementation.I used it a lot when I was writing my solution architecture design document. Customer Rating: Summary: Best Java Security Book for J2EE and Web Services. Comment: This is a great book - by far the best security design book for Java and J2EE (including Java SE 6 and Java EE 5) I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the bestpractices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, You will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications. This book is as close to size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right in to the application design..which is just right for a Java developer who is involved with Java enterprise applications and web services. The best practices and security checklist detailed in this book - helps a lot during development and when you want to deploy a J2EE application/web service in production. Having said that, I prefer this book as a must-have for any serious Java developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way using best practices (a long list) and not just HOW. Ultimately you will find this book as an onestop reference for building security in J2EE applications and web services. More Reviews