Book/Tutorial recommendation for Java Security

Chan Ag
Hi,

Does someone know of a good book/tutorial to get started with Java Security? Currently I have only a basic idea of things like SSL/Digital Signatures/Keystores/Classloaders/Security Managers/Encryption/Decryption/OAuth/OpenID etc. Basically what I know is what I had studied during my engineering course. Apart from that I have browsed a little bit on how SSL and OAuth 2.0 work. But that is all.

I feel I should invest some more time into studying these things from scratch. Also the feature I'm working on currently might need to use OAuth authentication. So knowing the basics beforehand will be helpful. Also that'll help me get a more comprehensive picture of the associated stuff.

So does someone have a book recommendation?

I'm considering buying the book "Java Security Edition 2" by Scott Oaks, but it was written in 2001. So it doesn't cover things like OpenID and OAuth 1.0 and OAuth 2.0. But I was still considering that book, because I thought once I have a grasp on how the basic things work, other tutorials I see online will probably start making more sense. But does someone know of a better book? Is there a book/tutorial you found really helpful?

Thanks.
Chan.
Ulf Dittmer
A subject dear to my heart. I added lots of resources I found useful to the Security FAQ (http://www.coderanch.com/how-to/java/SecurityFaq). If you work through the stuff linked under "general remarks" you should have a good overview of the Java-related stuff. Most importantly, start with the podcast by Bruce Schneier. There's little value delving into specifics before you understand how security is a process, not one or more technologies. Also, that security can't be "added" to a system later on (at least not without great cost), but needs to be an integral part of it from the beginning. And lastly, that it's important to do a risk analysis of any system, so that likely attacks and their costs (both in guarding against them, and if they're successful) are known - only then can informed decisions be made on what needs to be protected, and how.

A somewhat newer book than the one you mention is "Core Security Patterns" from 2006. At 1000 pages it's pretty comprehensive (but keep in mind its publication date), but you will probably never finish reading it. I didn't :-)

I liked Schneier's "Secrets and Lies". While it's now also dated (from 2004), it's about fundamentals, and thus more broadly applicable than technology-specific books. I recommend starting with that, and then picking up the language-specific stuff from the resources in the FAQ.


Chan Ag
The Security FAQ is really good -- it covers most of the topics that I need to know about. So for now, this is exactly what I need.

Once I know what is what in more detail, I'll probably order Secrets and Lies.

Sorry I couldn't respond earlier than this but thanks a lot.

 