This book is meant to be a hands-on practitioner's guide to security. It captures a wealth of experience about using patterns-driven and best practices-based approaches to building trustworthy IT applications and services. The primary focus of the book is on the introduction of a security design methodology using a proven set of reusable patterns, best practices, reality checks, defensive strategies, and assessment checklists that can be applied to securing J2EE applications, Web Services, Identity Management, Service Provisioning, and Personal Identification. The book presents a catalog of 23 new security patterns and 101 best practices, identifying use case scenarios, architectural models, design strategies, applied technologies, and validation processes. The best practices and reality checks provide hints on real-world deployment and end-user experience of what works and what does not. The book also describes the architecture, mechanisms, standards, technologies, and implementation principles of applying security in J2EE applications, Web Services, Identity Management, Service Provisioning, and Personal Identification and explains the required fundamentals from the ground up. Starting with an overview of today's business challenges, including the identification of security threats and exploits and an analysis of the importance of information security, security compliance, basic security concepts, and technologies, the book focuses in depth on the following topics:
The book emphasizes the use of the Java platform and stresses its importance in developing and deploying secure applications and services. |