| Core Security Patterns is a practitioners guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three Java security architects, the patterns-driven approach reflects todays best practices for security in large-scale, industrial-strength applications.
The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful, structured security methodology; a vendor-independent security framework; an assessment checklist; and twenty-three security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME applications; authenticate & authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using Smart Cards and Biometrics.
Core Security Patterns covers all of the following, and more: What works & what doesnt: J2EE application-security best practices, and common pitfalls to avoid; Implementing key Java platform security features in real-world applications; Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, & WS-I Basic security profile; Designing identity management & service provisioning systems using SAML, Liberty, XACML, and SPML; Designing secure personal identification solutions using Smart Cards & Biometrics; Security design methodology, patterns, best practices, reality checks, defensive strategies, & evaluation checklists; End-to-end security architecture case study: architecting, designing, & implementing an end-to-end security solution for large-scale applications. | |
