Difference between revisions of "Java Security Resources"

From OWASP
Jump to: navigation, search
m
(Reverting to last version not containing links to www.textbodartro.com)
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
==Books==
 
==Books==
* [http://www.awprofessional.com/bookstore/product.asp?isbn=0321118898&rl=1 Enterprise Java Security: Building Secure J2EE Applications] - A thorough look at the security features provided by Java and J2EE.  Not much coverage specifically for web application security, no mention of Cross Site Scripting or Response Splitting attacks.  No coverage of common frameworks such as Spring, Hibernate or EJB3. - [[User:Stephendv|Stephendv]] 03:42, 1 September 2006 (EDT)
+
* [http://www.coresecuritypatterns.com Core Security Patterns: Best practices and Strategies for J2EE, Web Services and Identity Management] - So far the best book for Java Security - An indepth guide for implementing Java security in J2EE applications, Web Services, Identity & Access Management, Provisioning and Strong authentication. Introducing Java security mechanisms from ground up, this book presents 21 security patterns and 101 best practices associated with securing J2EE architecture, Web Services and Identity Management. This book goes deep into nitty-gritty details of implementing Java cryptography, J2EE Security, Web Services security (WS-Security, XML-DSIG, XML-ENC), Single sign-on using SAML and XACML, Identity federation using Liberty standards, multi-factor authentication (Smartcards and Biometrics) using Java technologies.
* [http://www.j2ee-security.net/ J2EE Security] - Covers the security features offered by Java and J2EE.  Similar to other books on the subject, it makes the assumption that security=access control.  Not a lot of coverage for preventing common web attacks such as XSS. - [[User:Stephendv|Stephendv]] 03:42, 1 September 2006 (EDT)
+
* [http://www.awprofessional.com/bookstore/product.asp?isbn=0321118898&rl=1 Enterprise Java Security: Building Secure J2EE Applications] - A thorough look at the security features provided by Java and J2EE.  Not much coverage specifically for web application security, no mention of Cross Site Scripting or Response Splitting attacks.  No coverage of common frameworks such as Spring, Hibernate or EJB3.  
 +
* [http://www.j2ee-security.net/ J2EE Security] - Covers the security features offered by Java and J2EE.  Similar to other books on the subject, it makes the assumption that security=access control.  Not a lot of coverage for preventing common web attacks such as XSS.  
 
* [http://www.oreilly.com/catalog/javasec/ Java Security] - "... covers Java's security mechanisms and teaches you how to work with them. It discusses class loaders, security managers, access lists, digital signatures, and authentication and shows how to use these to create and enforce your own security policy. "
 
* [http://www.oreilly.com/catalog/javasec/ Java Security] - "... covers Java's security mechanisms and teaches you how to work with them. It discusses class loaders, security managers, access lists, digital signatures, and authentication and shows how to use these to create and enforce your own security policy. "
 
* [http://www.samspublishing.com/bookstore/product.asp?isbn=0672326388&rl=1 Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering] - "These techniques will show you how to better understand and work with third-party applications. Each chapter focuses on a technique to solve a specific problem, such as obfuscation in code or scalability vulnerabilities, outlining the issue and demonstrating possible solutions. "
 
* [http://www.samspublishing.com/bookstore/product.asp?isbn=0672326388&rl=1 Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering] - "These techniques will show you how to better understand and work with third-party applications. Each chapter focuses on a technique to solve a specific problem, such as obfuscation in code or scalability vulnerabilities, outlining the issue and demonstrating possible solutions. "
 +
* [http://www.theserverside.com/tt/articles/article.tss?l=GuideJavaBytecode The working developer's guide to Java Bytecode] - An article introducing basic concepts in understanding Java Bytecode.
 
[[Category:OWASP Java Project]]
 
[[Category:OWASP Java Project]]

Latest revision as of 13:29, 27 May 2009

Books

  • Core Security Patterns: Best practices and Strategies for J2EE, Web Services and Identity Management - So far the best book for Java Security - An indepth guide for implementing Java security in J2EE applications, Web Services, Identity & Access Management, Provisioning and Strong authentication. Introducing Java security mechanisms from ground up, this book presents 21 security patterns and 101 best practices associated with securing J2EE architecture, Web Services and Identity Management. This book goes deep into nitty-gritty details of implementing Java cryptography, J2EE Security, Web Services security (WS-Security, XML-DSIG, XML-ENC), Single sign-on using SAML and XACML, Identity federation using Liberty standards, multi-factor authentication (Smartcards and Biometrics) using Java technologies.
  • Enterprise Java Security: Building Secure J2EE Applications - A thorough look at the security features provided by Java and J2EE. Not much coverage specifically for web application security, no mention of Cross Site Scripting or Response Splitting attacks. No coverage of common frameworks such as Spring, Hibernate or EJB3.
  • J2EE Security - Covers the security features offered by Java and J2EE. Similar to other books on the subject, it makes the assumption that security=access control. Not a lot of coverage for preventing common web attacks such as XSS.
  • Java Security - "... covers Java's security mechanisms and teaches you how to work with them. It discusses class loaders, security managers, access lists, digital signatures, and authentication and shows how to use these to create and enforce your own security policy. "
  • Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering - "These techniques will show you how to better understand and work with third-party applications. Each chapter focuses on a technique to solve a specific problem, such as obfuscation in code or scalability vulnerabilities, outlining the issue and demonstrating possible solutions. "
  • The working developer's guide to Java Bytecode - An article introducing basic concepts in understanding Java Bytecode.