Book description
Proven Methods for Building Secure Java-Based Web Applications
Develop, deploy, and maintain secure Java applications using the expert techniques and open source libraries described in this Oracle Press guide. Iron-Clad Java presents the processes required to build robust and secure applications from the start and explains how to eliminate existing security bugs. Best practices for authentication, access control, data protection, attack prevention, error handling, and much more are included. Using the practical advice and real-world examples provided in this authoritative resource, you'll gain valuable secure software engineering skills.
- Establish secure authentication and session management processes
- Implement a robust access control design for multi-tenant web applications
- Defend against cross-site scripting, cross-site request forgery, and clickjacking
- Protect sensitive data while it is stored or in transit
- Prevent SQL injection and other injection attacks
- Ensure safe file I/O and upload
- Use effective logging, error handling, and intrusion detection methods
- Follow a comprehensive secure software development lifecycle
"In this book, Jim Manico and August Detlefsen tackle security education from a technical perspective and bring their wealth of industry knowledge and experience to application designers. A significant amount of thought was given to include the most useful and relevant security content for designers to defend their applications. This is not a book about security theories, it’s the hard lessons learned from those who have been exploited, turned into actionable items for application designers, and condensed into print." —From the Foreword by Milton Smith, Oracle Senior Principal Security Product Manager, Java
Table of contents
- Cover
- Title
- Copyright Page
- Contents
- Dedication
- Foreword
- Acknowledgments
- Introduction
- 1 Web Application Security Basics
-
2 Authentication and Session Management
- Registration of New Users
-
The Basic Flow of the Login Process and Session Management
- Login Workflow Step 1: Anonymous Session Created on First Hit
- Login Workflow Step 2: Starting HTTPS and Encryption in Transit
- Login Workflow Step 3: Processing and Verifying Credentials
- Login Workflow Step 4: Start the User’s Authenticated Session
- Login Workflow Step 5: Do Cool Things
- Login Workflow Step 6: Potential Re-Authentication for Sensitive Operations
- Login Workflow Step 7: Idle Timeout
- Login Workflow Step 8: Absolute Timeout
- Login Workflow Step 9: Logout
- Attacks Against Authentication
- Secure Cookie Properties for Session Management
- Credential Security
- Username Harvesting
- Brute Force Attacks, Account Lockout, and Multi-Factor Revisited
- Remember Me Feature
- Multi-Factor Authentication
- Federated Identity and SAML
- OAuth Basics
- Additional Reading
- Summary
- 3 Access Control
- 4 Cross-Site Scripting Defense
- 5 Cross-Site Request Forgery Defense and Clickjacking
- 6 Protecting Sensitive Data
-
7 SQL Injection and Other Injection Attacks
- What Is SQL Injection?
- Other SQL Injection Examples
- Query Parameterization
- SQL Injection and Stored Procedures
- Defense in Depth
- Input Validation and Type Safety
- DAO Pattern and Access Control Considerations
- SQL Injection and Object Relational Mapping
- Other Forms of Injection
- Dangerous Characters in Input
- Summary
- 8 Safe File Upload and File I/O
- 9 Logging, Error Handling, and Intrusion Detection
- 10 Secure Software Development Lifecycle
- A Resources
- Index
Product information
- Title: Iron-Clad Java
- Author(s):
- Release date: September 2014
- Publisher(s): McGraw Hill Computing
- ISBN: 9780071835893
You might also like
book
Head First Java, 3rd Edition
What will you learn from this book? Head First Java is a complete learning experience in …
book
Head First Java, 2nd Edition
Learning a complex new language is no easy task especially when it s an object-oriented computer …
book
Core Java, Vol. II-Advanced Features, 12th Edition
The Classic Guide to Advanced Java Programming: Fully Updated for Java 17 Core Java is the …
book
Head First Design Patterns, 2nd Edition
What will you learn from this book? You know you don't want to reinvent the wheel, …