Iron Clad Java

Ranch Hand
Posts: 462
Is this suitable for a security beginner?
Sheriff
Posts: 17644
The "Iron-Clad Java" authors wrote:As we named this book Iron-Clad Java, we envision this book to be the beginning of a series. We want to move every developer in the direction of Steel-Clad Java and Adamantium-Clad Java, and Self-Defending Laser-Powered-Armor-Clad Java, but our first honest step is Iron-Clad. The path to secure software is not an easy one and requires discipline, study, and a great deal of practice. We hope this book will guide you down this path in a way that benefits you, your team, and especially your users in positive ways.
I have skimmed through the book and it looks like a very good place to start. Now I plan to start my first pass of the book (the authors recommend reading through it at least three times).

The topics covered are exactly the ones I would be looking for if I needed information about making my web application secure.

As the authors say, security and writing secure software is not easy. From the little that I've read so far, it looks like they have a very direct and to-the-point approach and get right down to the nuts and bolts practical discussions. In contrast, other introductory books about security may start off with academic discussions of basic security concepts like confidentiality, integrity, availability, authentication, authorization, auditing, non-repudiation, etc. While it's good to have a foundation of basic security concepts and secure coding principles, I really like the "cut to the chase" approach in this book.

My follow-up question to Jim and August is whether "Steel-Clad Java" is already in the works and if it is, what topics will it cover? (And thanks so much for spending some time with us this week!)
Greenhorn
Posts: 6
Will asked the very question I was thinking. My department has recently been looking at exposing some of our Java web tools to external users and I'm being asked a lot of security questions. I have been looking for a good beginner's book. Thanks for the response, Junilu. Thanks to Jim and August for your time.
Author
Posts: 53
Junilu Lacar,

This book is meant for the experienced developer who might be new to security.

Our next book in the works is "Iron-Clad Apps" and plans to cover web services, mobile and IoT in addition to general web security.

Jim Young,

Regardless of whether your app is "internal" or "external" you still want to lock that baby down. Networks tend to be porous these days and internal apps are really external.

Aloha,
Jim Manico
@Manicode
jim@manico.net
Ranch Hand
Posts: 182
Junilu Lacar wrote:In contrast, other introductory books about security may start off with academic discussions of basic security concepts like confidentiality, integrity, availability, authentication, authorization, auditing, non-repudiation, etc. While it's good to have a foundation of basic security concepts and secure coding principles, I really like the "cut to the chase" approach in this book.

Thanks for your informative review, Junilu. It helped me. Can you please recommend some book(s) from which I can learn the basics of security (theory and programming) before I read the Iron-Clad Java book?
Junilu Lacar
Sheriff
Posts: 17644

Ali Gordon wrote:Can you please recommend some book(s) from which I can learn the basics of security (theory and programming) before I read the Iron-Clad Java book?

I think "field guide" type books like Iron Clad Java would actually be better as a first read. There are more practical examples and the material is easier to get through. To be honest, I find it hard to get through a lot of "introductory" books on security because the material gets so boring after a while. I can only take so much "theory"; I have to get my hands dirty with working software. That said, someone in another thread asked about "Foundations of Security: Everything a Programmer Needs to Know", which is quite comprehensive. It has a 4.5-star rating on Amazon.

You might also look at books related to the Certified Secure Software Lifecycle Professional (CSSLP) certification. I don't think they're easy for beginners to digest—in fact, there's not much about security that's easy—but these books also have a lot of material about the basics and principles of security.
author & internet detective
Posts: 41860

Ali Gordon wrote:Can you please recommend some book(s) from which I can learn the basics of security (theory and programming) before I read the Iron-Clad Java book?

Jim Manico wrote:This book is meant for the experienced developer who might be new to security.

Ali: You can learn about security from this book. I think Jim means you need to have a good knowledge of web programming first. Read a book like Core Servlets and JSPs first if you aren't experienced in that area.