Hacking Exposed J2EE & Java

Art Taylor, Brian Buege, Randy Layman

Secure your Java and J2EE applications--from the hacker's perspective

Application security is a highly complex topic with new vulnerabilities surfacing every day. Break-ins, fraud, sabotage, and DoS attacks are on the rise, and quickly evolving Java-based technology makes safeguarding enterprise applications more challenging than ever. Hacking Exposed J2EE & Java will show you, step-by-step, how to defend against the latest attacks by understanding the hacker's methods and thought processes. You'll gain insight through examples of real-world attacks, both ordinary and sophisticated, and get valuable countermeasures to protect against them. You'll also find an in-depth case study with Java and J2EE security examples and actual working code incorporated throughout the book.

What you'll learn:

  • The proven Hacking Exposed methodology to locate and patch vulnerable systems
  • How to apply effective security countermeasures to applications that use the following Java enterprise technologies:
    Servlets and Java Server Pages (JSPs); Enterprise Java Beans (EJBs); Web Services; Applets; Java Web Start; Remote Method Invocation (RMI); Java Message Service (JMS)
  • How to design a security strategy that extends throughout a multi-tiered J2EE architecture using J2SE 1.4 and J2EE 1.3
  • What common, but devastating, vulnerabilities exist within many J2EE applications
  • How to use the J2EE security architecture to create secure J2EE applications
  • How to use the Java security APIs, including the Java Authentication and Authorization Service (JAAS), the Java Cryptography Extension (JCE), and the Java Secure Socket Extension (JSSE)
  • How to create applications that proactively defend against malicious users, content manipulation, and other attacks
  • Valuable tips for hardening J2EE applications based on the authors' expertise


  Part I: Secure Java for the Enterprise
   Ch. 1: Java Security Basics
   Ch. 2: Java for the Enterprise: J2EE and the Web Application

  Part II: Java Application Security
   Ch. 3: The Malicious Applet and Friends
   Ch. 4: Java Client-Server Applications

  Part III: Java Network Security Issues
   Ch. 5: Java Network Applications: Potential Security Flaws

  Part IV: Java Security on the Web Tier
   Ch. 6: Hacking the Web Site: Exploiting Java Web Tier Components
   Ch. 7: Java Servlets and Java Server Pages: Security Flaws and Weaknesses

  Part V: Java Security on the Business Tier
   Ch. 8: Role Based Security: J2EE Security Realms
   Ch. 9: Controlling Resources

  Part VI: Appendices
   Appendix A: Example Application
   Appendix B: Firewalls
   Appendix C: Operating Systems Security
   Appendix D: Java Security Related APIs