Iron-Clad Java: Building Secure Web Applications (Paperback)

Jim Manico, August Detlefsen

  • 出版商: McGraw-Hill Education
  • 出版日期: 2014-09-09
  • 售價: $1,480
  • 貴賓價: 9.5$1,406
  • 語言: 英文
  • 頁數: 304
  • 裝訂: Paperback
  • ISBN: 0071835881
  • ISBN-13: 9780071835886
  • 相關分類: Java 程式語言
  • 海外代購書籍(需單獨結帳)



Proven Methods for Building Secure Java-Based Web Applications

Develop, deploy, and maintain secure Java applications using the expert techniques and open source libraries described in this Oracle Press guide. Iron-Clad Java presents the processes required to build robust and secure applications from the start and explains how to eliminate existing security bugs. Best practices for authentication, access control, data protection, attack prevention, error handling, and much more are included. Using the practical advice and real-world examples provided in this authoritative resource, you'll gain valuable secure software engineering skills.

  • Establish secure authentication and session management processes
  • Implement a robust access control design for multi-tenant web applications
  • Defend against cross-site scripting, cross-site request forgery, and clickjacking
  • Protect sensitive data while it is stored or in transit
  • Prevent SQL injection and other injection attacks
  • Ensure safe file I/O and upload
  • Use effective logging, error handling, and intrusion detection methods
  • Follow a comprehensive secure software development lifecycle

"In this book, Jim Manico and August Detlefsen tackle security education from a technical perspective and bring their wealth of industry knowledge and experience to application designers. A significant amount of thought was given to include the most useful and relevant security content for designers to defend their applications. This is not a book about security theories, it’s the hard lessons learned from those who have been exploited, turned into actionable items for application designers, and condensed into print." ―From the Foreword by Milton Smith, Oracle Senior Principal Security Product Manager, Java



使用這本Oracle Press指南中描述的專家技術和開源庫,開發、部署和維護安全的Java應用程序。《Iron-Clad Java》介紹了從一開始就構建強大和安全應用程序所需的流程,並解釋了如何消除現有的安全漏洞。包括身份驗證、訪問控制、數據保護、攻擊預防、錯誤處理等最佳實踐。通過這本權威資源中提供的實用建議和實際示例,您將獲得寶貴的安全軟件工程技能。

  • 建立安全的身份驗證和會話管理流程

  • 為多租戶網絡應用程序實施強大的訪問控制設計

  • 防範跨站腳本、跨站請求偽造和點擊劫持

  • 在存儲或傳輸敏感數據時保護

  • 防止SQL注入和其他注入攻擊

  • 確保安全的文件I/O和上傳

  • 使用有效的日誌記錄、錯誤處理和入侵檢測方法

  • 遵循全面的安全軟件開發生命周期

在這本書中,Jim Manico和August Detlefsen從技術角度探討了安全教育,並將他們豐富的行業知識和經驗帶給應用程序設計師。他們充分考慮了包含最有用和相關的安全內容,以保護設計師的應用程序。這不是一本關於安全理論的書,而是從那些被利用的人那裡學到的寶貴經驗,轉化為應用程序設計師可以採取的具體措施,並以印刷形式呈現。- 米爾頓·史密斯(Milton Smith),Oracle高級主要安全產品經理,Java的序言