I was curious: does the book focus primarily on Java crypto APIs and "What is a Message Digest" and stuff like that, or does it also discuss known vulnerabilities that can be introduced by sloppy or naive coding practices, and how to bulletproof against them? Is there any mention of SQL injection (for example)? The importance of code reviews? "Best practices" for writing secure web services code?
Paul M. Santa Maria, SCJP
Marco Pistoia
Author
Joined: Apr 19, 2004
Posts: 27
The book does not focus primarily on the Java crypto APIs, even though Part IV of the book, "Enterprise Java and Cryptography", contains 4 chapters that cover everything you need to know if you need to use Java and crypto. The book also covers some best practices material, but I am afraid not as much as you are asking. We did not consider that the main purpose of the book. Therefore, we do not always discuss how to bulletproof against bad code practices, and we do not cover SQL injection.
Marco Pistoia
Marco Pistoia, Ph.D.
http://www.research.ibm.com/people/p/pistoia/