Difference between revisions of "Java Security Resources"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
 
==Books==
 
==Books==
* Enterprise Java Security: Building Secure J2EE Applications -  
+
* [http://www.awprofessional.com/bookstore/product.asp?isbn=0321118898&rl=1 Enterprise Java Security: Building Secure J2EE Applications] - A thorough look at the security features provided by Java and J2EE.  Not much coverage specifically for web application security, no mention of Cross Site Scripting or Response Splitting attacks.  No coverage of common frameworks such as Spring, Hibernate or EJB3. [[User:Stephendv|Stephendv]] 03:42, 1 September 2006 (EDT)
 +
* [http://www.j2ee-security.net/ J2EE Security] - Covers the security features offered by Java and J2EE.  Similar to other books on the subject, it makes the assumption that security=access control.  Not a lot of coverage for preventing common web attacks such as XSS. [[User:Stephendv|Stephendv]] 03:42, 1 September 2006 (EDT)
 +
* [http://www.oreilly.com/catalog/javasec/ Java Security] - "... covers Java's security mechanisms and teaches you how to work with them. It discusses class loaders, security managers, access lists, digital signatures, and authentication and shows how to use these to create and enforce your own security policy. "
 +
 
 
[[Category:OWASP Java Project]]
 
[[Category:OWASP Java Project]]

Revision as of 02:42, 1 September 2006

Books

  • Enterprise Java Security: Building Secure J2EE Applications - A thorough look at the security features provided by Java and J2EE. Not much coverage specifically for web application security, no mention of Cross Site Scripting or Response Splitting attacks. No coverage of common frameworks such as Spring, Hibernate or EJB3. Stephendv 03:42, 1 September 2006 (EDT)
  • J2EE Security - Covers the security features offered by Java and J2EE. Similar to other books on the subject, it makes the assumption that security=access control. Not a lot of coverage for preventing common web attacks such as XSS. Stephendv 03:42, 1 September 2006 (EDT)
  • Java Security - "... covers Java's security mechanisms and teaches you how to work with them. It discusses class loaders, security managers, access lists, digital signatures, and authentication and shows how to use these to create and enforce your own security policy. "