IT Security, and certifications

 
Jesus Angeles
Ranch Hand
Posts: 2068
Hi,

I'm just searching for a nice addition to my skills.

Besides sounding cool, and probably being the highest-paid career (just like 'physical' security), the IT security industry is a nice one.

Any comment about the following (which I am considering because I can get sponsorship on these 2)?

1. Computer Hacking Forensic Investigator (CHFI)
2. Certified Information Systems Security Professional (CISSP)

Any comment on these, or anything on IT security in general, as a job, is appreciated.
 
Sai Venkat
Greenhorn
Posts: 4
Even I am looking at security certifications related to programming - Java and web applications. Were you able to find any information on how useful those are, and also any pointers to where we can find the material to go over? Any input will be really appreciated.

Thanks.
 
Jayr Motta
Ranch Hand
Posts: 110
Sai,

If you haven't heard about security in Java (as you've referred to it, maybe trying to refer to Java SE) or in Java "web", it is because you haven't read enough about Java yet.

There is no such thing as a deep study related to security in any of these subjects, because any possible breach found will be related to some protocol, infrastructure, operating system, etc. that your software written using Java relies on.

What you might find is how to define security constraints and programmatic security in the servlet API. In EJB you might find role validation at the metadata (annotation) level, or programmatically, to do some validation or operation that requires a certain level of authorization. Using APIs such as JAAS or any other will just take the abstraction higher, but the problems will be the same.

Session forgery, sniffing, XHR interception and replay, some exploit on top of some out-of-date protocol / server / software on the server: these are all problems addressed in any technology... and I'm not talking about other practices such as DoS and so on. You could find a book that talks about this, and you should use the mechanism you find that best suits your needs based on what you learn.

Hope it helps you!
 