Securing Java: Getting Down To Business With Mobile Code

by Gary McGraw and Ed Felten


About Book

Amazon.com
The Java environment is relatively secure, as far as network programming languages go. Java has strong security, but not perfect security. Securing Java explains the known security problems with the language and points out steps that programmers can take to prevent bad guys from taking advantage of their Java-based systems.

Authors Gary McGraw and Edward W. Felten begin with the sandbox--the original Java security model. They then explain why the sandbox, while secure, was too restrictive and was combined with a code-signing model in Java 2.

After explaining how security ought to work, Securing Java reveals a menagerie of applets that have circumvented Java security to achieve a variety of noisome and damaging ends. The authors reveal enough information about these applets to show where the dangers are, and they offer security tips for programmers and network administrators.

McGraw and Felten include a brief but well-informed chapter about the security issues raised by the Java Card environment and smart cards generally. A couple of question-and-answer sections toward the end of Securing Java also deserve special recognition. One, on Java security as a whole, provides succinct and accurate answers to questions about how secure Java is and what you can do to minimize your Java security risk. The other Q&A section compares--fairly and with plenty of information--the security features of Java and ActiveX. --David Wall

Book Description
Information Security/Java

"This book is mandatory reading for every user and developer of Webware." -Peter G. Neumann, Moderator of the Risks Forum, from his review of the first edition

Securing Java

Java security is more important now than ever before. As Java matures and moves into the enterprise, security takes a more prominent role. But as Java evolves, its security issues and architectures get more complicated. Written by the world's leading experts on mobile code security, this updated and expanded edition of the groundbreaking guide to Java security includes lessons for Web users, developers, system administrators, and business decision-makers alike. This book navigates the uncharted waters of mobile code security and arms the reader with the knowledge required for securing Java. It provides in-depth coverage of:
* The base Java security sandbox, made up of the Verifier, Class Loaders, and the Security Manager
* Code signing, stack inspection, and the new Java 2 security architecture
* The pros and cons of language-based enforcement models and trust models
* All known Java security holes and the attack applets that exploit them
* Techniques commonly used in malicious applets
* Twelve rules for developing more secure Java code, with explicit examples
* Hard questions to ask third-party Java security tools vendors
* Analysis of competing systems for mobile code, including ActiveX and JavaScript
* Card Java security, smart card risks, and their impact on e-commerce security
On the companion Web site www.securingjava.com you'll find:
* The Java Security Hotlist: Over 100 categorized and annotated Java security-related Web links
* An e-mail list to keep subscribers abreast of breaking Java security news
* A complete electronic edition of this book

Book Info
Discusses mobile code security and provides in-depth coverage of the base Java security sandbox, made up of the verifier, class loaders, and the security manager. Softcover. DLC: Java (Computer program language).


About the Author
GARY McGRAW is Vice President and Senior Research Scientist with Reliable Software Technologies and an international authority on Java security. Dr. McGraw is the author of over 50 peer-reviewed technical publications, consults with major e-commerce vendors including Visa, and is the principal investigator on several U.S. government research grants.

EDWARD W. FELTEN is Professor of Computer Science at Princeton University where he leads the world-renowned Secure Internet Programming team. Professor Felten discovered many of Java’s security holes and is actively involved in designing more secure approaches to mobile code.
