
Hacking Exposed J2EE and Java: Developing Secure Web Applications with Java Technology


ISBN-10: 0072225653

ISBN-13: 9780072225655

Edition: 2002

Authors: Art Taylor, Brian Buege, Randy Layman

List price: $49.99

Safeguarding Web applications remains the most important aspect of security as attacks via the Internet continue to increase. This is a guide to Java and J2EE application security. It includes details on Java-specific attacks and case studies, along with implementation techniques and advice.

Book details

List price: $49.99
Copyright year: 2002
Publisher: McGraw-Hill Osborne
Publication date: 9/24/2002
Binding: Paperback
Pages: 426
Size: 7.25" wide x 9.00" long x 1.25" tall
Weight: 1.936
Language: English

Brian Buege is an independent consultant with more than 11 years' experience in the computer industry. He is a certified Java programmer and developer and a Sun Java Instructor.

Randy Layman has more than 5 years of Java development experience, with a focus on enterprise systems.

Table of Contents

Acknowledgments (p. xiii)
Introduction (p. xv)
Case Study (p. xxi)

J2EE Architecture and Technology Introduction
The Java Basics: Security from the Ground Up (p. 3)
  Java Then and Now (p. 4)
  Java Language Architecture (p. 5)
  The Java Virtual Machine (p. 5)
  An Interpreted Language: Java Bytecodes (p. 6)
  The Java Class Loader and Built-in Security (p. 6)
  Other Language Features (p. 7)
  Java Security Architecture (p. 7)
  Protection Domains (p. 8)
  Security Controls for Java Class Loading (p. 10)
  Java Permissions (p. 12)
  Java Security Policies (p. 13)
  The Java Security Properties File (p. 14)
  The Java Security Policy File (p. 15)
  Security Manager Checking (p. 18)
  Java Principals and Subjects (p. 19)
  Summary (p. 20)
Introduction to JAAS, JCE, and JSSE (p. 21)
  Java Authentication and Authorization Services (JAAS) (p. 22)
  JAAS Architecture (p. 23)
  JAAS Authentication (p. 24)
  JAAS Authorization (p. 38)
  Java Encryption (p. 41)
  Encryption Fundamentals (p. 41)
  Java Cryptography Extension (JCE) (p. 43)
  The Keytool Utility (p. 46)
  Java Secure Sockets Extension (JSSE) (p. 48)
  SSL Fundamentals (p. 48)
  Library and Certificate Installation (p. 49)
  JSSE Demonstration Program (p. 50)
  Securing JAR Files (p. 56)
  The jarsigner Utility (p. 57)
  The Sealed Directive (p. 57)
  Summary (p. 58)
J2EE Architecture and Security (p. 59)
  Middleware and Distributed Software Components (p. 60)
  Middleware Development (p. 60)
  Multitiered Application Development (p. 61)
  The Multitiered Environment (p. 62)
  J2EE Multitiered Technologies (p. 63)
  Web Tier Components: Servlets and JSP (p. 65)
  Servlets (p. 65)
  JSP (p. 69)
  JSP Use (p. 70)
  Business Tier Components: EJBs (p. 71)
  Services Provided by the EJB Container (p. 71)
  Types of EJBs (p. 73)
  EJB Deployment (p. 75)
  Development Roles with J2EE (p. 75)
  EJB Development (p. 78)
  Other J2EE APIs (p. 85)
  EJB Security Architecture (p. 87)
  Principals and Roles (p. 87)
  Declarative Security and Programmatic Security (p. 88)
  System-Level Security (p. 89)
  Security on the Presentation Tier (p. 89)
  Security on the Business Tier (p. 92)
  Defining Security Roles (p. 92)
  Mapping Roles (p. 93)
  Assigning Principals to Roles (p. 94)
  Security for Resources (p. 95)
  Summary (p. 97)

Java Application and Network Security
Using Encryption and Authentication to Protect an Application (p. 101)
  Application Security: The Process (p. 102)
  System-level versus Application-level Security (p. 102)
  Application Security Techniques (p. 103)
  The Dangers of Storing Data Locally (p. 104)
  Summary (p. 134)
Software Piracy and Code Licensing Schemes (p. 137)
  The Dangers of Code Misuse (p. 138)
  Another Licensing Strategy (p. 147)
  Secret Key Storage (p. 148)
  Summary (p. 156)
The Exposure of Bytecodes (p. 157)
  The Dangers of Reverse-Engineering (p. 158)
  The Dangers of Embedded Strings (p. 178)
  Summary (p. 180)
Hacking Java Client-Server Applications: Another Tier to Attack (p. 181)
  The Client-Server Implementation (p. 182)
  The Dangers of a Client-Server Architecture (p. 183)
  Watching the Basket: Application Database Security (p. 185)
  Securing the Database Connection (p. 187)
  Protecting the Client Tier (p. 201)
  Protecting Applet-based Clients (p. 213)
  Protecting WebStart-based Clients (p. 227)
  Summary (p. 233)
Java Network Applications: Potential Security Flaw Attacks (p. 235)
  The Dangers of RMI (p. 236)
  The Original RMI Application (p. 236)
  Encrypting the Account Number and Balance (p. 245)
  Using an SSL Connection between the Client and Server (p. 252)
  Implementing Challenge/Response Authentication (p. 257)
  Using an Authenticated Communications Channel (p. 260)
  The Dangers of Loading Class and JAR Files Remotely (p. 274)
  Summary (p. 276)

J2EE Security on the Web and Business Tiers
This is .WAR: Exploiting Java Web Tier Components (p. 279)
  The Sample Application: Web-Enabled (p. 281)
  Implementing our Cache-Control Strategy (p. 315)
  Summary (p. 319)
Shaking the Foundation: Web Container Strengths and Weaknesses (p. 321)
  The Effects of Directory Listing (p. 322)
  The Invoker Servlet (p. 324)
  Stealing a Session (p. 328)
  Generating a Server Key (p. 331)
  Enabling HTTPS in Tomcat (p. 332)
  Testing the Installation (p. 333)
  Adding a Transport Guarantee (p. 334)
  Client Certificate Authentication (p. 335)
  Configuring Tomcat to use SSL with Client Authentication (p. 336)
  Container Authentication Using a Client Certificate (p. 337)
  Dealing with Overlapping Application Roles (p. 342)
  Summary (p. 345)
Java Web Services Security (p. 347)
  Web Services in Java (p. 348)
  Web Services Technologies (p. 349)
  The Web Services Developer Pack (p. 350)
  The Web Services-Enabled Application Implementation (p. 351)
  The Retirement Web Services Suite: Server Side (p. 352)
  The Retirement Web Services Suite: Client Side (p. 355)
  Web Services Application Vulnerabilities (p. 358)
  Requiring SSL Connections (p. 361)
  Implementing HTTP Authentication (p. 366)
  Disabling WSDL Distribution (p. 368)
  Enabling Programmatic Authorization (p. 370)
  Passing Database Passwords As Context Parameters (p. 373)
  Web Services Workflow Security (p. 374)
  The Future of Web Services Security (p. 378)
  SOAP Security Extensions: Digital Signature (p. 378)
  WS-Security (p. 379)
  Summary (p. 380)
Enterprise Java Beans: Security for the Business Tier (p. 381)
  The EJB Application Implementation (p. 382)
  The EJB Persistence Service (p. 383)
  The Get and Set Balance Methods (p. 384)
  The Beans (p. 385)
  EJB Application Vulnerabilities (p. 389)
  Common Pitfalls When Using Message-Driven Beans (p. 400)
  The Message-Driven Bean Implementation (p. 401)
  Summary (p. 411)

Index (p. 413)
Table of Contents provided by Syndetics. All Rights Reserved.