Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management Hardcover – October 14, 2005
- Print length: 1088 pages
- Language: English
- Publisher: Prentice Hall
- Publication date: October 14, 2005
- Dimensions: 18.42 x 5.72 x 24.77 cm
- ISBN-10: 0131463071
- ISBN-13: 978-0131463073
Product description
About the authors
Christopher Steel, CISSP, ISSAP, is the President and CEO of FortMoon Consulting and was recently the Chief Architect on the U.S. Treasury's Pay.gov project. He has over fifteen years' experience in distributed enterprise computing with a strong focus on application security, patterns, and methodologies. He presents regularly at local and industry conferences on security-related topics.
Ramesh Nagappan is a Java Technology Architect at Sun Microsystems. With extensive industry experience, he specializes in Java distributed computing and security architectures for mission-critical applications. Previously he coauthored three best-selling books on J2EE, EAI, and Web Services. He is an active contributor to open source applications and industry-standard initiatives, and frequently speaks at industry conferences related to Java, XML, and Security.
Ray Lai, Principal Engineer at Sun Microsystems, has developed and architected enterprise applications and Web services solutions for leading multinational companies ranging from HSBC and Visa to American Express and DHL. He is author of J2EE Platform Web Services (Prentice Hall, 2004).
Product details
- Publisher: Prentice Hall; 1st edition (October 14, 2005)
- Publication date: October 14, 2005
- Language: English
- Hardcover: 1088 pages
- ISBN-10: 0131463071
- ISBN-13: 978-0131463073
- Dimensions: 18.42 x 5.72 x 24.77 cm
Top reviews from other countries
It explains in detail the security risks and ways to deal with them.
Unfortunately, I have never made it to the third chapter. True, most IT security books usually have weaknesses either in their security or IT component - it is not easy to find a well-balanced resource. In this case, I found the security part so badly presented that my interest in the IT (Java) part of the book quickly evaporated. Sorry, had to say that. It is not easy to persuade yourself to do things the way somebody tells you to if that somebody cannot even provide an adequate high-level explanation.
Chapter 1, Security by Default, hits you with some sloppy writing right away (e.g. "hardening Web application security", "account digital update" [page 14], "out-of-compliance security policy enforcement", "the recent acceleration of e-mail viruses" [p.25]). Chapter 2, Basics of Security, follows suit adding repetitions and confusing terminology (exploits are mixed up with vulnerabilities, vulnerabilities with threats, authorization and identification with authentication etc.).
But it is not just the language. For example, the book says that "it is important to protect password files by using encrypted files" [p.13]. Do they mean protect passwords by using encryption? I guess so, but what about hashing passwords (which is actually a more common technique) - and what if the passwords are stored in a database rather than in a file?
The book says that "any audit or logging failure can cripple the ability of an application to diagnose the suspicious activity" [p.14]. But if the application can do such diagnostics, it does not need to read the security logs it itself creates, does it? Instead, it is the people who perform monitoring and investigate incidents whose ability to diagnose the suspicious activity would be crippled.
In explaining what security profiling is [p.20], the book states that "using featured tools, it helps in identifying risks and vulnerabilities and in verifying mandated regulatory or compliance requirements". No "featured tools" for profiling have been mentioned earlier, so I guess this fancy phrase came straight from some tool vendor's marketing material.
But it gets better: some statements are downright funny, like this one: "the cardholder must use a biometrics scanner, whether the cardholder owns the card or not" [p.32]. That is the reason I gave it two stars rather than just one: humour, albeit unintended.
My favourite one is, "the [RSA] technology is based on the inability to quickly factor large prime numbers" [p.53]. The next sentence does say that "the exact details are beyond the scope of this book", but you would expect the security experts to know that prime numbers, large or small, cannot be factored by definition.
Lastly, the book states that "Java provides end-to-end security of an application beyond its underlying platform, ensuring security at all levels, including its users, components, services and communications". That's great - but then why write a 1000-page book on the topic?