Core Security Patterns is the hands-on practitioner™s guide to building robust end-to-end security into J2EE™ enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects today™s best practices for security in large-scale, industrial-strength applications.
The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and twenty-three proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME™ applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using Smart Cards and Biometrics.
Core Security Patterns covers all of the following, and more:
- What works and what doesn™t: J2EE application-security best practices, and common pitfalls to avoid
- Implementing key Java platform security features in real-world applications
- Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile
- Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML
- Designing secure personal identification solutions using Smart Cards and Biometrics
- Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists
- End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications
Tidak ada komentar:
Posting Komentar