Iron-Clad Java: Building Secure Web Applications
- 4h 10m
- August Detlefsen, Jim Manico
- Oracle Press
- 2014
Proven Methods for Building Secure Java-Based Web Applications
Develop, deploy, and maintain secure Java applications using the expert techniques and open source libraries described in this Oracle Press guide. Iron-Clad Java presents the processes required to build robust and secure applications from the start and explains how to eliminate existing security bugs. Best practices for authentication, access control, data protection, attack prevention, error handling, and much more are included. Using the practical advice and real-world examples provided in this authoritative resource, you'll gain valuable secure software engineering skills.
- Establish secure authentication and session management processes
- Implement a robust access control design for multi-tenant web applications
- Defend against cross-site scripting, cross-site request forgery, and clickjacking
- Protect sensitive data while it is stored or in transit
- Prevent SQL injection and other injection attacks
- Ensure safe file I/O and upload
- Use effective logging, error handling, and intrusion detection methods
- Follow a comprehensive secure software development lifecycle
About the Authors
Jim Manico (Hawaii) is an independent software security educator. He has more than 18 years' experience with the Java programming language. Jim is also a global board member for the OWASP foundation.
August Detlefsen (San Francisco, CA) is a senior application security consultant with more than 18 years’ experience in software development, enterprise application architecture, and information security. He is an active member of OWASP.
In this Book
-
Web Application Security Basics
-
Authentication and Session Management
-
Access Control
-
Cross-Site Scripting Defense
-
Cross-Site Request Forgery Defense and Clickjacking
-
Protecting Sensitive Data
-
SQL Injection and Other Injection Attacks
-
Safe File Upload and File I/O
-
Logging, Error Handling, and Intrusion Detection
-
Secure Software Development Lifecycle