This book is meant to be a hands-on practitioner's guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management systems, and service provisioning solutions. It captures a wealth of experience about using a patterns-driven and best practices-based approach to building trustworthy IT applications and services. The primary focus of the book is to introduce a security design methodology using a proven set of reusable design patterns, best practices, reality checks, defensive strategies, and assessment checklists that can be applied to securing J2EE applications, Web services, identity management, service provisioning, and personal identification.
The book presents a catalog of 23 new patterns and 101 best practices, identifying use case scenarios, architectural models, design strategies, applied technologies, and validation processes. The best practices and reality checks provide hints on real-world deployment and end-user experience of what works and what does not. The book also describes the architecture, mechanisms, standards, technologies, and implementation principles of applying security in J2EE applications, Web services, identity management, service provisioning, and personal identification and explains the required fundamentals from the ground up.
Starting with an overview of today's business challenges, including the identification of security threats and exploits and an analysis of the importance of information security, security compliance, basic security concepts, and technologies, the book focuses in depth, with 15 chapters, on the following topics:
- Security mechanisms in J2SE, J2EE, J2ME, and Java Card platforms (latest coverage includes security features from Java SE 6 and Java EE 5).
- Web services security standards and technologies
- Identity Management standards and technologies
- Service Provisioning standards and technologies
- Security design methodology, patterns, best practices, and reality checks.
- Security patterns and design strategies for J2EE applications.
- Security patterns and design strategies for Web services
- Security patterns and design strategies for Identity management
- Security patterns and design strategies for Service provisioning.
- Building an end-to-end security architecture – A real-world case study
- Secure personal identification strategies for using Smart cards and Biometrics.
The book emphasizes the use of the Java platform and stresses its importance in developing and deploying secure applications and services.
Who should read this book?
This book is meant for all security enthusiasts, architects, Java developers, and technical project managers who are involved with securing information systems and business applications. The book is also valuable for those who wish to learn basic security concepts and technologies related to Java applications, Web services, identity management, provisioning, and personal identification using Smart cards and Biometrics.
The book presumes that the reader has a basic conceptual knowledge of development and deployment of business applications using Java. We have attempted to write this book as an introduction to all security mechanisms used in the design, architecture, and development of applications using the Java platform. We intended our use of the methodology, patterns, best practices, and pitfalls to be an invaluable resource for answering the real-world IT security problems that software architects and developers face every day.
Thank you for choosing "Core Security Patterns"
Welcome to Core Security Patterns. We hope you enjoy reading this book as much as we enjoyed writing it. We trust that you will be able to adopt the theory, concepts, techniques, and approaches that we have discussed as you design, deploy, and upgrade the security of your IT systems—and keep your IT systems immune from all security risks and vulnerabilities in the future.
With "Core Security Patterns" as a trusted security advisor, you will learn how these architectural patterns and best practices fit into securing a real-world software development process, and how you can leverage them to solve your security and identity-related problems.
Chris Steel, Ramesh Nagappan and Ray Lai.