Hacking Exposed J2EE & Java

Table of Contents
Acknowledgments (xiii)
Introduction (xv)
Case Study (xxi)

Part I: J2EE Architecture and Technology Introduction

  Chapter 1: The Java Basics: Security from the Ground Up (3)
    Java Then and Now (4)
    Java Language Architecture (5)
      The Java Virtual Machine (5)
      An Interpreted Language: Java Bytecodes (6)
      The Java Class Loader and Built-in Security (6)
      Other Language Features (7)
    Java Security Architecture (7)
      Protection Domains (8)
      Security Controls for Java Class Loading (10)
      Java Permissions (12)
      Java Security Policies (13)
      The Java Security Properties File (14)
      The Java Security Policy File (15)
      Security Manager Checking (18)
      Java Principals and Subjects (19)
    Summary (20)

  Chapter 2: Introduction to JAAS, JCE, and JSSE (21)
    Java Authentication and Authorization Services (JAAS) (22)
      JAAS Architecture (23)
      JAAS Authentication (24)
      JAAS Authorization (38)
    Java Encryption (41)
      Encryption Fundamentals (41)
      Java Cryptography Extension (JCE) (43)
      The Keytool Utility (46)
    Java Secure Sockets Extension (JSSE) (48)
      SSL Fundamentals (48)
      Library and Certificate Installation (49)
      JSSE Demonstration Program (50)
    Securing JAR Files (56)
      The jarsigner Utility (57)
      The Sealed Directive (57)
    Summary (58)

  Chapter 3: J2EE Architecture and Security (59)
    Middleware and Distributed Software Components (60)
      Middleware Development (60)
      Multitiered Application Development (61)
      The Multitiered Environment (62)
    J2EE Multitiered Technologies (63)
      Web Tier Components: Servlets and JSP (65)
      Servlets (65)
      JSP (69)
      JSP Use (70)
    Business Tier Components: EJBs (71)
      Services Provided by the EJB Container (71)
      Types of EJBs (73)
      EJB Deployment (75)
      Development Roles with J2EE (75)
      EJB Development (78)
      Other J2EE APIs (85)
    EJB Security Architecture (87)
      Principals and Roles (87)
      Declarative Security and Programmatic Security (88)
      System-Level Security (89)
      Security on the Presentation Tier (89)
      Security on the Business Tier (92)
      Defining Security Roles (92)
      Mapping Roles (93)
      Assigning Principals to Roles (94)
      Security for Resources (95)
    Summary (97)

Part II: Java Application and Network Security

  Chapter 4: Using Encryption and Authentication to Protect an Application (101)
    Application Security: The Process (102)
      System-Level versus Application-Level Security (102)
      Application Security Techniques (103)
    The Dangers of Storing Data Locally (104)
    Summary (134)

  Chapter 5: Software Piracy and Code Licensing Schemes (137)
    The Dangers of Code Misuse (138)
    Another Licensing Strategy (147)
    Secret Key Storage (148)
    Summary (156)

  Chapter 6: The Exposure of Bytecodes (157)
    The Dangers of Reverse-Engineering (158)
    The Dangers of Embedded Strings (178)
    Summary (180)

  Chapter 7: Hacking Java Client-Server Applications: Another Tier to Attack (181)
    The Client-Server Implementation (182)
    The Dangers of a Client-Server Architecture (183)
    Watching the Basket: Application Database Security (185)
      Securing the Database Connection (187)
    Protecting the Client Tier (201)
      Protecting Applet-Based Clients (213)
      Protecting WebStart-Based Clients (227)
    Summary (233)

  Chapter 8: Java Network Applications: Potential Security Flaw Attacks (235)
    The Dangers of RMI (236)
      The Original RMI Application (236)
      Encrypting the Account Number and Balance (245)
      Using an SSL Connection between the Client and Server (252)
      Implementing Challenge/Response Authentication (257)
      Using an Authenticated Communications Channel (260)
    The Dangers of Loading Class and JAR Files Remotely (274)
    Summary (276)

Part III: J2EE Security on the Web and Business Tiers

  Chapter 9: This is .WAR: Exploiting Java Web Tier Components (279)
    The Sample Application: Web-Enabled (281)
    Implementing Our Cache-Control Strategy (315)
    Summary (319)

  Chapter 10: Shaking the Foundation: Web Container Strengths and Weaknesses (321)
    The Effects of Directory Listing (322)
    The Invoker Servlet (324)
    Stealing a Session (328)
    Generating a Server Key (331)
    Enabling HTTPS in Tomcat (332)
    Testing the Installation (333)
    Adding a Transport Guarantee (334)
    Client Certificate Authentication (335)
      Configuring Tomcat to Use SSL with Client Authentication (336)
      Container Authentication Using a Client Certificate (337)
    Dealing with Overlapping Application Roles (342)
    Summary (345)

  Chapter 11: Java Web Services Security (347)
    Web Services in Java (348)
      Web Services Technologies (349)
      The Web Services Developer Pack (350)
    The Web Services-Enabled Application Implementation (351)
      The Retirement Web Services Suite: Server Side (352)
      The Retirement Web Services Suite: Client Side (355)
    Web Services Application Vulnerabilities (358)
      Requiring SSL Connections (361)
      Implementing HTTP Authentication (366)
      Disabling WSDL Distribution (368)
      Enabling Programmatic Authorization (370)
      Passing Database Passwords as Context Parameters (373)
    Web Services Workflow Security (374)
    The Future of Web Services Security (378)
      SOAP Security Extensions: Digital Signature (378)
      WS-Security (379)
    Summary (380)

  Chapter 12: Enterprise Java Beans: Security for the Business Tier (381)
    The EJB Application Implementation (382)
      The EJB Persistence Service (383)
      The Get and Set Balance Methods (384)
      The Beans (385)
    EJB Application Vulnerabilities (389)
    Common Pitfalls When Using Message-Driven Beans (400)
      The Message-Driven Bean Implementation (401)
    Summary (411)

Index (413)
Description: Application security is a highly complex topic with new vulnerabilities surfacing every day. Break-ins, fraud, sabotage, and DoS attacks are on the rise, and quickly evolving Java-based technology makes safeguarding enterprise applications more challengin