Professional Java Security - Jess Garms

. .

Résumé :
Security is of huge importance to the computing industry - the growth in e-commerce has brought the topic from the shadows of high-level specialists into the public eye. Nowadays breaches in security for B2C based e-tailers are big news, and damage not only the reputation of the individual organization, but also confidence in the industry as a whole. Computer Security covers a multitude of areas ranging from low-level operating system security to higher-level application security. This book concentrates on the latter, and will show you how to protect your applications with cryptography and the Java security model. Beginning with simple examples and clear descriptions of different cryptography approaches, such as symmetric and asymmetric encryption, the book will build in complexity, through consideration of public key infrastructure and SSL, to provide a comprehensive set of solutions for the enterprise Java developer. Who is this Book For ? This book is aimed at intermediate to advanced Java programmers, familiar with the concepts underpinning distributed application development such as sockets, RMI, JDBC, and J2EE technologies, however no previous experience of security or cryptography is assumed. It concentrates on teaching approaches to security, developing an understanding on building cryptography into applications and, in so doing, illustrates how the key Java cryptography components can be employed. What does this book cover ? The core Java security architecture. Java security extensions - JCE, JAAS, and JSSE. Encryption and authentication. Applet, JSP, and EJB security. The application of SSL in Java applications. Database security. Designing and implementing a secure tiered application. Building a cryptographic provider.

Biographie:
Jess Garms is co-founder and Chief Technical Officer of ISNetworks, a company providing Java-based security software. He is responsible for coordinating development and investigating new technologies. Daniel Somerfield is CEO and co-founder of ISNetworks. He is responsible for strategic planning and software architecture for the company and its clients. Daniel manages projects for diverse companies, both national and international in scope.

Sommaire:

• Considering Security
• Secure Java Code
• Introduction to Cryptography and Cryptography Services in Java
• Symmetric Encryption
• Asymmetric Encryption and Key Agreement
• Message Digests, Digital Signatures, and Certificates
• The Core Java Security Model and Applet Security
• Additional Security Models in Java
• SSL
• Securing a Database
• Securing a Large Application
• Implementing Your Own Provider