Effective Enterprise Java

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the...

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology" [Schneier01, xii]. To the casual...

Let's ignore the software world for just a second. If we're looking for good models of how to build secure systems, to at least a...

So you're convinced that you need to take security in your application seriously. Now what? Starting to read through the various security resources available (books,...

So you've finally got the big J2EE system done, ready for deployment into the production environment, and everybody's really excited. The CEO has promised major...

The Open Web Application Security Project (http://www.owasp.org), as mentioned in Item 60, is an open-source collaborative effort designed to help organizations (particularly, as of this...

Ever since JDK 1.0, one of Java's principal strengths has been its deep relationship with the idea of lacing security directly within the language and...

Authentication is pretty easy to recognize: it's the act of somebody attempting to prove his or her identity to the system, usually by presenting a...

Frequently, serializable data travels over media we don't trust inherently (which, by the way, should be all of them—see Item 60). For example, authentication or...

Not only do we need to make sure that serialized data isn't tampered with across an insecure medium (see Item 60), but frequently we need...

So you've read Item 62 and decided to make use of the underlying platform security model to help build authorization into the system (and perhaps...