The "Iron-Clad Java" authors wrote: "As we named this book Iron-Clad Java, we envision this book to be the beginning of a series. We want to move every developer in the direction of Steel-Clad Java and Adamantium-Clad Java, and Self-Defending Laser-Powered-Armor-Clad Java, but our first honest step is Iron-Clad. The path to secure software is not an easy one and requires discipline, study, and a great deal of practice. We hope this book will guide you down this path in a way that benefits you, your team, and especially your users in positive ways."
I have skimmed through the book and it looks like a very good place to start. Now I plan to start my first pass of the book (the authors recommend reading through it at least three times).
The topics covered are exactly the ones I would be looking for if I needed information about making my web application secure.
As the authors say, security and writing secure software is not easy. From the little that I've read so far, it looks like they have a very direct and to-the-point approach and get right down to the nuts and bolts practical discussions. In contrast, other introductory books about security may start off with academic discussions of basic security concepts like confidentiality, integrity, availability, authentication, authorization, auditing, non-repudiation, etc. While it's good to have a foundation of basic security concepts and secure coding principles, I really like the "cut to the chase" approach in this book.
My follow-up question to Jim and August is whether "Steel-Clad Java" is already in the works and if it is, what topics will it cover? (And thanks so much for spending some time with us this week!)