wood burning stoves 2.0*
The moose likes Security and the fly likes Book/Tutorial recommendation for Java Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Book/Tutorial recommendation for Java Security" Watch "Book/Tutorial recommendation for Java Security" New topic
Author

Book/Tutorial recommendation for Java Security

Chan Ag
Bartender

Joined: Sep 06, 2012
Posts: 1013
    
  15
Hi,

Does someone know of a good book/tutorial to get started with Java Security? Currently I have only a basic idea of things like SSL/Digital Signatures/Keystores/Classloaders/Security Managers/Encryption/Decryption/OAuth/OpenId etc. Basically what I know is what I had studied during my engineering course. Apart from that I have browsed a little bit on how SSL and OAuth 2.0 works. But that is all.

I feel I should invest some more time into studying these things from scratch. Also the feature I'm working on currently might need to use OAuth authentication. So knowing the basics before hand will be helpful. Also that'll help me get a more comprehensive picture of the associated stuff.

So does someone have a book recommendation?

I'm considering to buy the book "Java Security Edition 2" by Scott Oaks, but it was written in 2001. So it doesn't cover things like OpenId and OAuth 1.0 and OAuth 2.0. But I was still considering that book, cause I thought once I have a grasp on how the basic things work, other tutorials I see online will probably start making more sense. But does someone know of a better book? Is there a book/tutorial you found really helpful?

Thanks.
Chan.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41634
    
  55
A subject dear to my heart. I added lots of resources I found useful to the http://www.coderanch.com/how-to/java/SecurityFaq. If you work through the stuff linked under "general remarks" you should have a good overview of the Java-related stuff. Most importantly, start with the podcast by Bruce Schneier. There's little value delving into specifics before you understand how security is a process, not one or more technologies. Also, that security can't be "added" to a system later on (at least not without great cost), but needs to be an integral part of it from the beginning. And lastly, that it's important to do a risk analysis of any system, so that likely attacks and their costs (both in guarding against them, and if they're successful) are known - only then can informed decisions be made on what needs to be protected, and how.

A somewhat newer book than the one you mention is "Core Security Patterns" from 2006. At 1000 pages it's pretty comprehensive (but keep in mind its publication date), but you will probably never finish reading it. I didn't :-)

I liked Schneier's "Secrets and Lies". While it's now also dated (from 2004), it's about fundamentals, and thus more broadly applicable than technology-specific books. I recommend to start with that, and then pick up the language-specific stuff from the resources in the FAQ.


Ping & DNS - my free Android networking tools app
Chan Ag
Bartender

Joined: Sep 06, 2012
Posts: 1013
    
  15
The Security FAQ is really good -- it covers most of the topics that I need to know about. So for now, this is exactly what I need.

Once I'll know what is what with more details, I'll probably order Secrets and Lies.

Sorry I couldn't respond earlier than this but thanks a lot.

 
wood burning stoves
 
subject: Book/Tutorial recommendation for Java Security