Java Development for Secure Systems

Chapter 1. Java SE Security
- Holistic Security Practices
- Threats to the User
- The Class Loader and Bytecode Verifier
- System Classes and the Core API
- SecurityManager and AccessController
- Permissions
- Implication
- CodeSources
- Policies
- Configuring Java SE Security
- Dynamic Policies
- Privileged Actions
Chapter 2. Code Signature and Key Management
- Encryption and Digital Signature
- Keystores
- Keys and Certificates
- Certificate Authorities
- The KeyStore API
- Signing JARs
- Signed CodeSources
- Additional Policy Semantics
Chapter 3. Secure Development Practices: Java SE
- Code Injection
- Final Classes and Methods
- Singletons, Factories, and Flyweights
- Methods, Collections, and Data Hiding
- Sealing JARs
- Code Obfuscation
- Object Serialization
Chapter 4. Cryptography
- Threats to Identity and Privacy
- The Java Cryptography Extensions
- The Signature Class
- SignedObjects
- The Java Cryptography Extensions
- SecretKeys and KeyGenerator
- The Cipher Class
- Dangerous Practices
- HTTP and JSSE
Chapter 5. JAAS
- Pluggable Authentication Logic
- JAAS
- Packages and Interfaces
- Subjects and Principals
- ANDs and ORs
- Impersonation Methods
- Permissions for JAAS Use
- LoginContext and LoginModule
- Configuring JAAS
- CallbackHandler and Callbacks
- Implementing a JAAS Client
- Implementing a LoginModule
Chapter 6. Java EE Security
- Java EE Servers as Code Hosts
- Tomcat Security Configuration
- Declaring Roles
- Securing URLs
- HTTP Authentication Schemes
- Securing EJBs
- Programmatic Security
- JAAS in Java EE
- Realms and LoginModules
- JAAS in Tomcat
- JACC
- Certifying a Java EE Application
- HTTPS Configuration
Chapter 7. Secure Development Practices: Java EE
- Presentation-Tier Vulnerabilities
- User Accounts
- MVC and Security
- Validating User Input
- SQL Injection
- Cross-Site Scripting
- Reflected XSS
- Defeating XSS
- OWASP
- Penetration Testing
- Error Handling and Information Leakage
- Logging and Auditing