Bhargav / Kumar | Secure Java | E-Book | www2.sack.de
E-Book

E-Book, Englisch, 308 Seiten

Bhargav / Kumar Secure Java

For Web Application Development
1. Auflage 2010
ISBN: 978-1-4398-2356-9
Verlag: Taylor & Francis
Format: PDF
 Kopierschutz: Adobe DRM (»Systemvoraussetzungen)

For Web Application Development

E-Book, Englisch, 308 Seiten

ISBN: 978-1-4398-2356-9
Verlag: Taylor & Francis
Format: PDF
 Kopierschutz: Adobe DRM (»Systemvoraussetzungen)

Most security books on Java focus on cryptography and access control, but exclude key aspects such as coding practices, logging, and web application risk assessment. Encapsulating security requirements for web development with the Java programming platform, Secure Java: For Web Application Development covers secure programming, risk assessment, and threat modeling—explaining how to integrate these practices into a secure software development life cycle.

From the risk assessment phase to the proof of concept phase, the book details a secure web application development process. The authors provide in-depth implementation guidance and best practices for access control, cryptography, logging, secure coding, and authentication and authorization in web application development. Discussing the latest application exploits and vulnerabilities, they examine various options and protection mechanisms for securing web applications against these multifarious threats. The book is organized into four sections:

- Provides a clear view of the growing footprint of web applications

- Explores the foundations of secure web application development and the risk management process

- Delves into tactical web application security development with Java EE

- Deals extensively with security testing of web applications

This complete reference includes a case study of an e-commerce company facing web application security challenges, as well as specific techniques for testing the security of web applications. Highlighting state-of-the-art tools for web application security testing, it supplies valuable insight on how to meet important security compliance requirements, including PCI-DSS, PA-DSS, HIPAA, and GLBA. The book also includes an appendix that covers the application security guidelines for the payment card industry standards.

Bhargav / Kumar Secure Java jetzt bestellen!

Zielgruppe

Senior Java developers and Java architects, security and risk professionals, and IT managers.

Autoren/Hrsg.

Bhargav, Abhay
Kumar, B. V.

Fachgebiete

Weitere Infos & Material

The Internet Phenomenon
Evolution of the Internet and the World Wide Web Mainframe Era Client/Server Era Distributed Computing Architecture Internet and World Wide Web Era Problems with Web Architecture
Web Applications and Internet
Role and Significance of Java Technology in Web Applications
Security in Java Web Applications

Introducing Information Security
Information Security: The Need of the Hour The Need for Information Security The Motivation for Security
Some Basic Security Concepts The Pillars of SecurityThe CIA Triad Risk 101 Defense-in-Depth
Internet Security Incidents and Their Evolution The 1970s The 1980s The 1990s The 2000sPresent Day
SecurityMyths and Realities There Is No Insider Threat Hacking Is Really Difficult Geographic Location Is Hacker-Proof One Device Protects against All

Introducing Web Application Security
Web Applications in the Enterprise What Is a Web Application? Ubiquity of Web Applications Web Application Technologies Java as Mainstream Web Application Technology
Why Web Application Security? A Glimpse into Organizational Information Security The Need for Web Application Security
Web Application SecurityThe Challenges Client-Side Control and Trust Pangs of the Creator Flawed Application Life Cycle Awareness Legacy Code Business Case Issues

Web Application Security—A Case Study
The Business NeedAn E-Commerce Application The Company The Existing Application Environment Importance of Security Panthera’s Plan for Information Security
Outlining the Application Requirements The Request for Proposal
An Overview of the Application Development Process The Application Development Process

FOUNDATIONS OF A SECURE JAVA WEB APPLICATION

Insights into Web Application Security Risk
The Need for Web Application Security Risk Management Risk Management The Benefits of Risk Management for Web Applications Overview of the Risk Assessment Phase
System Characterization Process--Risk Assessment An Overview of the System Characterization Process Understanding Basic Application Architecture
Developing Security Policies for the Web Application A Broad Overview of Security Policies for the Web Application Security Compliance and Web Application Security
Threat Analysis Understanding and Categorizing Security Vulnerabilities Common Web Application Vulnerabilities Basic Understanding of Threats and Associated Concepts Threat Profiling and Threat Modeling
Risk Mitigation StrategyFormulation of Detailed Security Requirements for the Web Application
Risk Assessment for an Existing Web Application

Risk Assessment for the Typical E-Commerce Web Application
System Characterization of Panthera’s E-Commerce Application Identification of Critical Information Assets Practical Techniques to Identify Critical Information Assets Identified Critical Information Assets for Panthera’s Web Application User Roles and Access to Critical Information Assets Application Deployment Architecture and Environment
Security Policies for the Web Application and Requirements Panthera’s Security Policies
Threat Analysis Threat Profiling Threat Modeling
Risk Mitigation StrategyFormulation of Detailed Security Features for Panthera’s E-Commerce Application Authentication and Authorization Cryptographic Implementation for Panthera’s E-Commerce Application Logging Secure Coding Practices

BUILDING A SECURE JAVA WEB APPLICATION

Developing a Bulletproof Access Control System for a Java Web Application
Overview of Access Control Systems A Brief History/Evolution of Access Control Mechanisms An Overview of Access Control Access Control Models
Developing a Robust Access Control System for Web Applications Attacks against Web Application Access Control User CredentialsUsernames and Passwords SessionMaintaining a Secure State for Web Applications AuthorizationEffective Authorization for a Web Application Other Best Practices
Security Compliance and Web Application Access Control PCI-DSS
Implementing a Secure Authentication and Authorization System for a Java Web Application Java Security Overview Java Authentication and Authorization Services JAAS Core Process of Authentication Process of Authorization

Application Data Protection Techniques
Overview of Cryptography Evolution of Cryptography CryptographyTerminology and Definitions Symmetric and Asymmetric Cryptography Block Ciphers and Stream Ciphers Block Cipher Modes of Encryption Crypto Attacks
Crypto Implementation for Web Applications Data Protection with CryptographyA Primer A Study of Encryption Algorithms and Hashing Functions Implementation Implications of Encryption in Web Applications Key ManagementPrinciples and Practical Implementation Security Compliance and Cryptography
Java Implementation for Web Application Cryptography Implementation Independence Implementation Interoperability Algorithm Extensibility and Independence Architecture Details Core Classes, Interfaces, and Algorithms of JCA
Protection of Data-in-Transit History of Secure Socket Layer/Transport Layer Security
Java Secure Socket Extensions for Secure Data Transmissions Features of the JSSE Cryptography and JSSE Core Classes and Interfaces of JSSE Support Classes and Interfaces

Effective Application Monitoring: Security Logging for Web Applications
The Importance of Logging for Web ApplicationsA Primer Overview of Logging and Log Management Logging for SecurityThe Need of the Hour Need for Web Application Security Logging
Developing a Security Logging Mechanism for a Web Application The Constituents of a Web Application Security Log Web Application LoggingInformation to Be Logged Details to Be Omitted from Web Application Logs Application LoggingBest Practices
Security Compliance and Web Application Logging
Logging Implementation Using Java
Control Flow
The Core Classes and Interfaces

Secure Coding Practices for Java Web Applications
Java Secure Coding PracticesAn Overview A Case for Secure Coding Practices Java Secure Coding PracticesAn Introduction
Input Validation and Output Encoding The need for Input Validation and Output Encoding User Input Validation for Java Web Applications Java Implementation for Input Validation and Output Encoding
Secure Database Queries Need for Secure Database Access

TESTING JAVA WEB APPLICATIONS FOR SECURITY

Security Testing for Web Applications
Overview of Security Testing for Web Applications Security Testing for Web ApplicationsA Primer Need for Web Application Security Testing Security Testing Web ApplicationsSome Basic Truths Integration of Security Testing into Web Application Risk Management
Designing an Effective Web Application Security Testing Practice Approach to Web Application Security Testing Threat Models for Effective Security Testing Web Application Security TestingCritical Success Factors Security Testing for Web Applications and Security Compliance

Practical Web Application Security Testing
Web Application Vulnerability Assessment and Penetration Testing Approach to Practical Web Application Testing Tools and Technologies for Practical Security Testing
Practical Security Testing for Web Applications Information Gathering and Enumeration Testing Web Application for Access Control Testing Data Validation

Appendix A: Application Security Guidelines for the Payment Card Industry Standards (PCI-DSS and PA-DSS)

Index

Each chapter concludes with a Summary

Abhay Bhargav is the founder and CTO of we45 Solutions India Pvt. Ltd., an information security solutions company. As the CTO of we45, his primary role is to deliver information security consulting solutions for diverse clientele. He also oversees the information security research and application development activities of we45. He has performed security assessments for enterprises in various industires including banking, software development, retail, telecom, and legal. Previously, he was a security assessor for the payment card industry and has led several security assessments for payment card industry compliance.

He specializes in Web application security and has performed security testing and consulting engagements for a wide array of enterprises and governmental/quasi-governmental entities. He also possesses security code review, vulnerability assessment, and penetration testing experience. He has been involved in several such assessments for small and large clients from various industries.

Abhay is a regular speaker at industry events. He has spoken at the OWASP (Open Web Application Security Project) AppSec Conference in New York. He is a regular speaker at prestigious industry events such as the PCI Summit in Mumbai, December 2008, Business Technology Summit and events organized by the Confederation of Indian Industry (CII). He is also a trainer and has led several public workshops on information security subjects including PCI, PA-DSS, Web application security, and risk assessment.

Apart from his professional interests, Abhay is also a trained Carnatic classical flutist and vocalist. He is also a playwright who has an English comedy play to his writing credits. He blogs actively and maintains an information security blog. He writes articles on computer education for the rural youth on a weekly basis for a leading daily.
Dr. B. V. Kumar, currently the director at SESCon Technology Solutions, has a Masters in Technology from IIT Kanpur and a Ph.D. from IIT Kharagpur. He has more than 20 years of experience in the field of information technology at various levels and in organizations such as ComputerVision Corporation (Singapore), Parametric Technologies (Seoul, S. Korea), Sun Microsystems (India), and Infosys. Prior to SESCon, Dr. Kumar was director and chief architect at Cognizant Technology Solutions and was responsible for the research and development activities such as IP creation, technology evangelization, and branding and project support as well as new initiatives at Cognizant.

Dr. Kumar has been working on the enterprise technologies for more than 8 years, focusing on the new enterprise Java and Web services technologies. As a chief architect and director at SESCon Technology Solutions, Dr. Kumar is managing IP and asset creation, technology branding and evangelization, community development, project support, and educational services. Dr. Kumar has filed for two patents in the IT space and published many technological papers in international journals and conferences. He has coauthored Web Services: An Introduction (ISBN 0070593787), J2EE Architecture (ISBN 007059936X), and, more recently, Implementing SOA Using Java EE (ISBN 0321492153).

Ihre Fragen, Wünsche oder Anmerkungen
Vorname*
Nachname*
Ihre E-Mail-Adresse*
Kundennr.
Ihre Nachricht*
Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.
Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.