Index

Ability to verify (ATV) probability abort method Abstract Factory pattern Abstract objects Abstraction layers Access control 2nd Assertion Builder pattern broken Business tier patterns 2nd DMTF EPAL for smart cards IETF Policy Management Working Group J2EE management services 2nd Parlay Group physical and logical Web services 2nd Access control lists (ACLs) J2EE JMS Access points in case study AccessController class Accountability, checklist for Accounts. [See User account provisioning] Accuracy of biometric verification ACLs (access control lists) J2EE JMS Actions in Parlay Active RFID tags Activities in Secure UP Actors in use cases Add operation in SPML Add-on, security as addListener method AddResponse message Administration in biometric systems in Web tier patterns reality checks for Administrator privileges Advanced Encryption Standard (AES) 2nd 3rd Advice in SAML assertions Advisory policies Agent-based and agentless architecture for user account provisioning Agent-based authentication 2nd Agent-based policy enforcement Aggregation, service Alchemy of security design conclusion framework adoption rationale reality checks. [See Reality checks] refactoring references Secure UP artifacts in risk analysis trade-off analysis security patterns.
[See Security patterns] service continuity and recovery testing ALE (Annual Loss Expectancy) 2nd Alerts SSL Web services patterns AlgorithmParameter class AlgorithmParameterGenerator class Alteration attacks SAML Secure Logger pattern 2nd Annual Loss Expectancy (ALE) 2nd Anonymous EJB resources AOP (Aspect Oriented Programming) techniques Apache Struts in form validation XML in Web data validation with SecureBaseAction with SimpleFormAction APDUs (Application Protocol Data Units) APIs BioAPI CertPath JAAS Java Java Card JCA JCE JSSE SAAJ 2nd 3rd SASL Vendor-specific Applets for smart cards Java Card signed Appletviewers Appliances firewall strategies for XML-aware Application Controller Application data messages in SSL Application Protocol Data Units (APDUs) Application Requests Application security assessment model Application Security Providers Application-based authentication Applications and application security access control as weakest links audit and logging authentication buffer overflow CLDC coding problems configuration data cross-site scripting data injection flaws data transit and storage deployment problems DOS and DDOS attacks encryption error handling in case study input validation failures Intercepting Web Agent pattern J2EE JSSE man-in-the-middle attacks multiple sign-ons output sanitation password exploits policies Secure Pipe pattern security provisioning patterns security tokens servers for biometrics for smart cards in use cases session identifiers session theft Web tier patterns Applying security patterns Architecture in case study 2nd in security patterns Authentication Enforcer Business tier Intercepting Validator Intercepting Web Agent Secure Base Action Secure Service Proxy inefficiencies J2EE J2ME Java Liberty Alliance patterns-driven security design personal identification systems biometrics smart cards risk analysis SAML 2nd Secure UP 2nd user account provisioning centralized model vs. 
decentralized components of logical Web services XACML Artifact Resolution Profile Artifacts in Secure UP Aspect Oriented Programming (AOP) techniques Assemblers, J2EE Assertion Builder pattern 2nd and Single Sign-on Delegator pattern 2nd consequences forces in service provisioning in single sign-on participants and responsibilities problem reality check related patterns sample code security factors and risks solution strategies structure Assertion class Assertion Query/Request profile AssertionContext class AssertionContextImpl class 2nd Assertions Java System Access Manager SAML attribute authentication 2nd authorization WS-Policy WS-Security assertRequest method Assessment checklists Asset valuation Asymmetric ciphers Attachments in SOAP messages Attack trees AttributeQuery class Attributes J2EE SAML assertion 2nd authority 2nd mapping profile repository Secure Service Facade pattern XACML 2nd AttributeStatement class 2nd ATV (ability to verify) probability Audit Interceptor pattern 2nd 3rd and Message Inspector pattern consequences forces in case study 2nd 3rd 4th participants and responsibilities problem reality check related patterns sample code security factors and risks solution strategies structure audit method AuditClient.java file Auditing Assertion Builder pattern Audit Interceptor pattern. [See Audit Interceptor pattern] biometrics Business tier patterns 2nd 3rd Dynamic Service Management pattern failures in identity management 2nd 3rd Secure Service Facade pattern Secure UP 2nd Security Wheel Single Sign-on Delegator pattern Web services 2nd Web tier patterns 2nd AuditLog class 2nd AuditLogJdbcDAO class AuditRequestMessageBean.java file Authentication assessment checklists biometrics 2nd 3rd 4th broken 2nd 3rd in case study in security patterns Assertion Builder 2nd Authentication Enforcer. 
[See Authentication Enforcer pattern] Business tier Dynamic Service Management Intercepting Web Agent Password Synchronizer Policy Delegate Secure Base Action Secure Service Facade Secure Session Object Web tier in trust model J2EE 2nd agent-based 2nd application-based container-based declarative programmatic Web tier JAAS classes for in clients LoginModule for 2nd web-tier Java code JMS JSSE Liberty Alliance sessions multi-factor personal identification SAML 2nd assertions in 2nd 3rd third-party Security services Security Wheel smart cards 2nd 3rd Web services Authentication Enforcer pattern consequences forces in case study 2nd 3rd 4th 5th participants and responsibilities problem reality checks in related patterns Container Managed Security Secure Base Action sample code security factors and risk in solution strategies in structure Authentication provider-based strategy Authentication Enforcer pattern JAAS Login Module Authentication Request protocol AuthenticationEnforcer class AuthenticationInstant class AuthenticationProvider class AuthenticationStatement class Authoritative Source of Data pattern Authorization classes for in security patterns Dynamic Service Management Intercepting Web Agent Policy Delegate Secure Base Action Secure Session Object J2EE 2nd 3rd declarative programmatic Web tier JAAS implementing strategy SAML 2nd 3rd Security services Security Wheel trust model Web services XACML 2.0 Authorization and Access Control service Authorization Enforcer pattern consequences forces participants and responsibilities problem reality check related patterns security factors and risks solution strategies structure Authorization providers AuthorizationEnforcer class AuthPermission class Automated back-out strategy Automated password retry Availability identity management patterns in case study in use cases J2EE network topology Message Interceptor Gateway pattern Secure Message Router pattern security provisioning patterns Security Wheel Web services