What experts say about "Core Security Patterns" ?
“Java is a language designed with security in mind. It provides the application developer with essential security mechanisms and support in avoiding critical security bugs common in other languages. A language, however, can only go so far. The developer must understand the security requirements of the application and how to use the features Java provides in order to meet those requirements. Core Security Patterns by Lai, Nagappan and Steel addresses both aspects of security and will be a guide to developers everywhere in creating more secure applications.”
- Dr. Whitfield Diffie,
Inventor of Public-key Cryptography.
“From the ground up, the Java platform is designed for security. Read this book to learn how to apply patterns and proven technologies to secure your J2EE applications and beyond”
- Dr. James Gosling,
Father of Java Programming Language
“A Comprehensive book on Security Patterns, which are critical for secure programming”
- Li Gong, Former Chief Java Security Architect,
Co-Author, Inside Java 2 Platform Security
"Like Core J2EE Patterns, this book delivers a proactive and patterns-driven approach for designing end-to-end security in your applications. Leveraging the authors' strong security experience, they created a must-have book for any designer/developer looking to create secure applications."
- John Crupi ,
Distinguished Engineer, Sun Microsystems - Co-Author of Core J2EE Patterns
"As developers of existing applications, or future innovators that will drive the next generation of highly distributed applications, the patterns and best practices outlined in this book will be an important asset to your development efforts".
- Joe Uniejewski,
Chief Technology Officer, Sr.Vice President
RSA Security Inc.
"This book makes an important case for taking a proactive approach to security rather than relying on the reactive security approach common in the software industry".
- Judy Lin,
Executive Vice President,
“This book provides a comprehensive patterns-driven approach and methodology for effectively incorporating security into your applications. I recommend that every application developer keep a copy of this indespensible security reference by their side.”
- Bill Hamilton, Author of ADO.NET Cookbook, ADO.NET in a Nutshell, NUnit Pocket Reference
"As a trusted advisory, this book will serve as a Java Developer's security handbook providing applied patterns and design strategies for securing Java applications."
"The two reference books that I found most valuable were “Core Security Patterns: Best Practices and Strategies for J2EE, Web Services and Identity Management”, by Christopher Steel, Ramesh Nagappan and Ray Lai and “The Unified Modeling Language User Guide Second Edition” by Grady Booch, James Rumbaugh and Ivar Jacobson. The need for security to be incorporated into our computer systems is obvious, and each new issue of a UML book by the three amigos is one that I will use and reuse".
- Shaheen Nasirudheen CISSP,
- Charles Ashbacher,
“My best books of the Year 2005”,
in JOT - Journal of Object Technology, vol. 5, no. 1,
January-February, pp159-161, http://www.jot.fm/books/review18
JOT is published by Swedish Federal Institute of Technology, Zurich
Author of "Applying Domain-Driven Design and Patterns"
".NET Enterprise Design"
(JRoller - JavaLobby Community Weblog)
Feb 01, 2006
One of the more enlightening discussions included Trust scenarios when calling from the Web Tier into the Business tier/Web Services tier requires that security info be propagated from the client and patterns/design strategies for secure logging.
This book is highly recommended."
Read the complete review at Weblog
"If you are involved in java/ Java 2 Platform, Enterprise Edition (J2EE) development/architecture design or security testing, this book is a must to have. Written by three of the top security gurus in the field, it contains everything you might need to know on security aspects in the Java/J2EE environment. Although it is a technical book, the way the authors explain their subject matter makes this book valuable to all, not only to the J2EE/Java specialists amongst us. It does, however, require basic knowledge of the environment and implementation architectures. The book is definitely written for developers and architects.
The typical security issues a java developer deals with on a day-to-day basis are covered and very well explained. This will allow a team to develop secure applications from the word ‘go’ rather than having security built in after completion of the security assessment of the application.
I would definitely advise each J2EE development team to at least have one copy of this book in its library (and have all team members be familiar with the content). This book is a must have if you are involved in any security testing in a Java/J2EE architecture environment."
Test Focus, South Africa
I recommend this book for everyone who wants to know everything about security in Java applications. I like "Chapter 1: Security by Default" and "Chapter 2: Basics of Security", they are a good introduction to security concepts. I found in this book a better way to express what I always think about the way some sysadmins take care of security,... they only pay attention to application security! It shows some interesting best practices and strategies to secure java applications and also web services. If you take care of security, you must buy this book.Abner Ballardo Urco