I guess I was looking for a list of other security concerns outside of the application. Something that would say, "Now that you have a secure application you need to look at XXX to be really secure". Is the server behind a locked door? Is there limited logon access to the box to keep everybody from logging into. Is the hard drive shared with Everyone granted full control for those Windows environments, etc.
Is there any suggestions for securing the application beyond the application itself?
I'm not sure that you understood my question and quite possibly I didn't understand your answer.
I was looking for something along the lines of any information regarding the complete solution. Let's say I use this book and built the perfect application addressing every security issue within the realms of Java. The program was flawless, but then I installed the app on a server that I don't keep patched. It sits out in a DMZ or possibly inside my network without any firewall rules. The database server is sitting on the same box as the app. I don't know what else would be bad for me to do with my strong app but having compromised the other areas of my solution?
Do you have any generalized instructions of other steps I can take to secure my solution not just the application? Larger clients may have a security deartment that keeps all of things things in mind when deploying a solution. Is there anything that I can use within the book to guide me to other areas of security?
Does the book go into any detail concerning the need to secure other areas of the application.
I don't think I would really expect a lot since this is a pattern book but it might have some information regarding that the app is only as secure as the entire solution and point users in the right direction to secure the other areas.
I work for a client that uses a wide variety of technologies including Java, JSP, VS .Net (C#), ASP and VB6. While I'm sure the book is great for J2EE, how well might the pattern concepts transfer into the other languages?
As a Pattern book I would hope that the ideas would be transferable while J2ee was the medium for the examples in this instance. [ January 11, 2006: Message edited by: John Hembree ]
A friend of mine is interested in creating a Security portal website of sorts for various service oriented web sites that require user authentication. A single sign-on design but would pass through to the intended web site providing the end service. Would the book provide enough examples to point them in the right direction to implement a secure design. They have talked about the multi-factor authentication process (Password + Smartcard + Biometrics) that you had mentioned in another post. Is that type of technology covered in your book?
I'm not looking for a solution but something to point them in the right direction to create a secure application.
Originally posted by Rashmi Tambe: Siva, u r really lucky to get ... photo on the book !!!
I don't know if this would be so lucky or not... Did any of you see the some of the pictures in the first book. You might be surprised to see how your picture is used. This isn't a Wrox book (nor would any other book to be published any time soon).