Synopses & Reviews
Secure your Java and J2EE applications--from the hacker's perspective
Application security is a highly complex topic with new vulnerabilities surfacing every day. Break-ins, fraud, sabotage, and DoS attacks are on the rise, and quickly evolving Java-based technology makes safeguarding enterprise applications more challenging than ever. Hacking Exposed J2EE & Java will show you, step-by-step, how to defend against the latest attacks by understanding the hacker's methods and thought processes. You'll gain insight through examples of real-world attacks, both ordinary and sophisticated, and get valuable countermeasures to protect against them. You'll also find an in-depth case study with Java and J2EE security examples and actual working code incorporated throughout the book.
What you'll learn:
- The proven Hacking Exposed methodology to locate and patch vulnerable systems
- How to apply effective security countermeasures to applications that use the following Java enterprise technologies: Servlets and Java Server Pages (JSPs); Enterprise Java Beans (EJBs); Web Services; Applets; Java Web Start; Remote Method Invocation (RMI); Java Message Service (JMS)
- How to design a security strategy that extends throughout a multi-tiered J2EE architecture using J2SE 1.4 and J2EE 1.3
- What common, but devastating, vulnerabilities exist within many J2EE applications
- How to use the J2EE security architecture to create secure J2EE applications
- How to use the Java security APIs, including the Java Authentication and Authorization Service (JAAS), the Java Cryptography Extension (JCE), and the Java Secure Socket Extension (JSSE)
- How to create applications that proactively defend against malicious users, content manipulation, and other attacks
- Valuable tips for hardening J2EE applications based on the authors' expertise
Table of Contents
Part I: J2EE Architecture and Technology Introduction
1: The Java Basics: Security from the Ground Up
2: Introduction to JAAS, JCE, and JSSE
3: J2EE Architecture and Security
Part II: Java Application and Network Security
4: Using Encryption and Authentication to Protect an Application
5: Software Piracy and Code Licensing Schemes
6: The Exposure of Bytecodes
7: Hacking Java Client-Server Applications: Another Tier to Attack
8: Java Network Applications: Potential Security Flaw Attacks
Part III: J2EE Security on the Web and Business Tiers
9: This is .WAR: Exploiting Java Web Tier Components
10: Shaking the Foundation: Web Container Strengths and Weaknesses
11: Java Web Services Security
12: Enterprise Java Beans: Security for the Business Tier