IT Security, and certifications

Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2049
Hi,

I'm just searching for a nice addition to my skills.

Besides sounding cool, and probably being the highest-paid career (just like 'physical' security), the IT security industry is a nice one.

Any comment about the following (which I am considering because I can get sponsorship on these 2)?

1. Computer Hacking Forensic Investigator (CHFI)
2. Certified Information Systems Security Professional (CISSP)

Any comment on these, or anything on IT security in general, as a job, is appreciated.
Sai Venkat
Greenhorn

Joined: Jul 28, 2005
Posts: 4
Even I am looking at security certifications related to programming - Java and web applications. Were you able to find any information on how useful those are, and also any pointers to where we can find the material to go over? Any inputs will be really appreciated.

Thanks.
Jayr Motta
Ranch Hand

Joined: Jul 30, 2010
Posts: 110

Sai,

If you haven't heard about security in Java (as you've referred, maybe trying to refer to Java SE) or in Java "web", it is because you haven't read enough about Java yet.

There is no such thing as deep study related to security in any of these subjects, because any possible breach found will be related to some protocol, infrastructure, operating system, etc. that your software written using Java relies on.

What you might find is how to define security constraints and programmatic security in the servlet API. In EJB you might find role validation at the metadata (annotation) level, or programmatic, to do some validation or operation that requires a certain level of authorization. Using APIs such as JAAS or any other will just take the abstraction higher, but the problems will be the same.

Session forgery, sniffing, XHR interception and replay, some exploit on top of some out-of-date protocol / server / software on the server, these are all problems addressed in any technology... and I'm not talking about other practices such as DoS and so on. You could find a book that talks about this, and you should use the mechanism you find that better suits your needs based on what you learn.

Hope it helps you!


Feel free to ask me anything!
www.BlackBeltFactory.com/ui#!/ref=jmotta, SCJP 6, OCWCD JEE5, OCE EJB JEE6
 