Secure Java
by Abhay Bhargav; B. V. KumarFormat: Nonspecific Binding
Pub. Date: 2010-09-14
Publisher(s): Taylor & Francis
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $230.00
Buy New
Usually Ships in 5-7 Business Days
$229.77
Rent Textbook
Select for Price
Rent Digital
$75.90
Used Textbook
We're Sorry
Sold Out
Summary
Most security books on Java focus on cryptography and access control, but exclude key aspects such as coding practices, logging, and Web application risk assessment. Encapsulating security requirements for Web development with the Java programming platform, Secure Java: For Web Application Development covers secure programming, risk assessment, and threat modeling'”explaining how to integrate these practices into a secure software development life cycle.From the risk assessment phase to the proof of concept phase, the book details a secure Web application development process. The authors provide in-depth implementation guidance and best practices for access control, cryptography, logging, secure coding, and authentication and authorization in Web application development. Discussing the latest application exploits and vulnerabilities, they examine various options and protection mechanisms for securing Web applications against these multifarious threats. The book is organized into four sections:Provides a clear view of the growing footprint of Web applications Explores the foundations of secure Web application development and the risk management process Delves into tactical Web application security development with Java EE Deals extensively with security testing of Web applicationsThis complete reference includes a case study of an e-commerce company facing Web application security challenges, as well as specific techniques for testing the security of Web applications. Highlighting state-of-the-art tools for Web application security testing, it supplies valuable insight on how to meet important security compliance requirements, including PCI-DSS, PA-DSS, HIPAA, and GLBA. The book also includes an appendix that covers the application security guidelines for the payment card industry standards.
Table of Contents
| The Internet Phenomenon | |
| Evolution of the Internet and the World Wide Web | |
| Mainframe Era | |
| Client/Server Era | |
| Distributed Computing Architecture | |
| Internet and World Wide Web Era | |
| Problems with Web Architecture | |
| Web Applications and Internet | |
| Role and Significance of Java Technology in Web Applications | |
| Security in Java Web Applications | |
| Introducing Information Security | |
| Information Security: The Need of the Hour | |
| The Need for Information Security | |
| The Motivation for Security | |
| Some Basic Security Concepts | |
| The Pillars of SecurityThe CIA Triad | |
| Risk 101 | |
| Defense-in-Depth | |
| Internet Security Incidents and Their Evolution | |
| The 1970s | |
| The 1980s | |
| The 1990s | |
| The 2000sPresent Day | |
| SecurityMyths and Realities | |
| There Is No Insider Threat | |
| Hacking Is Really Difficult | |
| Geographic Location Is Hacker-Proof | |
| One Device Protects against All | |
| Introducing Web Application Security | |
| Web Applications in the Enterprise | |
| What Is a Web Application? | |
| Ubiquity of Web Applications | |
| Web Application Technologies | |
| Java as Mainstream Web Application Technology | |
| Why Web Application Security? | |
| A Glimpse into Organizational Information Security | |
| The Need for Web Application Security | |
| Web Application Security | |
| The Challenges | |
| Client-Side Control and Trust | |
| Pangs of the Creator | |
| Flawed Application Life Cycle | |
| Awareness | |
| Legacy Code | |
| Business Case Issues | |
| Web Application Security-A Case Study | |
| The Business NeedAn E-Commerce Application | |
| The Company | |
| The Existing Application Environment | |
| Importance of Security | |
| Panthera's Plan for Information Security | |
| Outlining the Application Requirements | |
| The Request for Proposal | |
| An Overview of the Application Development Process | |
| The Application Development Process | |
| Foundations Of a Secure Java Web Application | |
| Insights into Web Application Security Risk | |
| The Need for Web Application Security Risk Management | |
| Risk Management | |
| The Benefits of Risk Management for Web Applications | |
| Overview of the Risk Assessment Phase | |
| System Characterization Process--Risk Assessment | |
| An Overview of the System Characterization Process | |
| Understanding Basic Application Architecture | |
| Developing Security Policies for the Web Application | |
| A Broad Overview of Security Policies for the Web Application | |
| Security Compliance and Web Application Security | |
| Threat Analysis | |
| Understanding and Categorizing Security Vulnerabilities | |
| Common Web Application Vulnerabilities | |
| Basic Understanding of Threats and Associated Concepts | |
| Threat Profiling and Threat Modeling | |
| Risk Mitigation StrategyFormulation of Detailed Security Requirements for the Web Application | |
| Risk Assessment for an Existing Web Application | |
| Risk Assessment for the Typical E-Commerce Web Application | |
| System Characterization of Panthera's E-Commerce Application | |
| Identification of Critical Information Assets | |
| Practical Techniques to Identify Critical Information Assets | |
| Identified Critical Information Assets for Panthera's Web Application | |
| User Roles and Access to Critical Information Assets | |
| Application Deployment Architecture and Environment | |
| Security Policies for the Web Application and Requirements | |
| Panthera's Security Policies | |
| Threat Analysis | |
| Threat Profiling | |
| Threat Modeling | |
| Risk Mitigation StrategyFormulation of Detailed Security Features for Panthera's E-Commerce Application | |
| Authentication and Authorization | |
| Cryptographic Implementation for Panthera's E-Commerce Application | |
| Logging | |
| Secure Coding Practices | |
| Building a Secure Java Web Application | |
| Developing a Bulletproof Access Control System for a Java Web Application | |
| Overview of Access Control Systems | |
| A Brief History/Evolution of Access Control Mechanisms | |
| An Overview of Access Control | |
| Access Control Models | |
| Developing a Robust Access Control System for Web Applications | |
| Attacks against Web Application Access Control | |
| User CredentialsUsernames and Passwords | |
| SessionMaintaining a Secure State for Web Applications | |
| AuthorizationEffective Authorization for a Web Application | |
| Other Best Practices | |
| Security Compliance and Web Application Access Control | |
| PCI-DSS | |
| Implementing a Secure Authentication and Authorization System for a Java Web Application | |
| Java Security Overview | |
| Java Authentication and Authorization Services | |
| JAAS Core | |
| Process of Authentication | |
| Process of Authorization | |
| Application Data Protection Techniques | |
| Overview of Cryptography | |
| Evolution of Cryptography | |
| CryptographyTerminology and Definitions | |
| Symmetric and Asymmetric Cryptography | |
| Block Ciphers and Stream Ciphers | |
| Block Cipher Modes of Encryption | |
| Crypto Attacks | |
| Crypto Implementation for Web Applications | |
| Data Protection with CryptographyA Primer | |
| A Study of Encryption Algorithms and Hashing Functions | |
| Implementation Implications of Encryption in Web Applications | |
| Key ManagementPrinciples and Practical Implementation | |
| Security Compliance and Cryptography | |
| Java Implementation for Web Application Cryptography | |
| Implementation Independence | |
| Implementation Interoperability | |
| Algorithm Extensibility and Independence | |
| Architecture Details | |
| Core Classes, Interfaces, and Algorithms of JCA | |
| Protection of Data-in-Transit | |
| History of Secure Socket Layer/Transport Layer Security | |
| Java Secure Socket Extensions for Secure Data Transmissions | |
| Features of the JSSE | |
| Cryptography and JSSE | |
| Core Classes and Interfaces of JSSE | |
| Support Classes and Interfaces | |
| Effective Application Monitoring: Security Logging for Web Applications | |
| The Importance of Logging for Web ApplicationsA Primer | |
| Overview of Logging and Log Management | |
| Logging for SecurityThe Need of the Hour | |
| Need for Web Application Security Logging | |
| Developing a Security Logging Mechanism for a Web Application | |
| The Constituents of a Web Application Security Log | |
| Web Application LoggingInformation to Be Logged | |
| Details to Be Omitted from Web Application Logs | |
| Application LoggingBest Practices | |
| Security Compliance and Web Application Logging | |
| Logging Implementation Using Java | |
| Control Flow | |
| The Core Classes and Interfaces | |
| Secure Coding Practices for Java Web Applications | |
| Java Secure Coding PracticesAn Overview | |
| A Case for Secure Coding Practices | |
| Java Secure Coding PracticesAn Introduction | |
| Input Validation and Output Encoding | |
| The need for Input Validation and Output Encoding | |
| User Input Validation for Java Web Applications | |
| Java Implementation for Input Validation and Output Encoding | |
| Secure Database Queries | |
| Need for Secure Database Access | |
| Testing Java Web Applications for Security | |
| Security Testing for Web Applications | |
| Overview of Security Testing for Web Applications | |
| Security Testing for Web ApplicationsA Primer | |
| Need for Web Application Security Testing | |
| Security Testing Web ApplicationsSome Basic Truths | |
| Integration of Security Testing into Web Application Risk Management | |
| Designing an Effective Web Application Security Testing Practice | |
| Approach to Web Application Security Testing | |
| Threat Models for Effective Security Testing | |
| Web Application Security TestingCritical Success Factors | |
| Security Testing for Web Applications and Security Compliance | |
| Practical Web Application Security Testing | |
| Web Application Vulnerability Assessment and Penetration Testing | |
| Approach to Practical Web Application Testing | |
| Tools and Technologies for Practical Security Testing | |
| Practical Security Testing for Web Applications | |
| Information Gathering and Enumeration | |
| Testing Web Application for Access Control | |
| sting Data Validation | |
| Application Security Guidelines for the Payment Card Industry Standards (PCI-DSS and PA-DSS) | |
| Index | |
| Table of Contents provided by Publisher. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.