What do you think?
Rate this book
Iron-Clad Java: Building Secure Web Applications
Develop, deploy, and maintain secure Java applications using the expert techniques and open source libraries described in this Oracle Press guide. Iron-Clad Java presents the processes required to build robust and secure applications from the start and explains how to eliminate existing security bugs. Best practices for authentication, access control, data protection, attack prevention, error handling, and much more are included. Using the practical advice and real-world examples provided in this authoritative resource, you'll gain valuable secure software engineering skills. "In this book, Jim Manico and August Detlefsen tackle security education from a technical perspective and bring their wealth of industry knowledge and experience to application designers. A significant amount of thought was given to include the most useful and relevant security content for designers to defend their applications. This is not a book about security theories, it’s the hard lessons learned from those who have been exploited, turned into actionable items for application designers, and condensed into print." ―From the Foreword by Milton Smith, Oracle Senior Principal Security Product Manager, Java
- GenresSoftware
304 pages, Paperback
First published September 12, 2014
2 people are currently reading
61 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
November 25, 2019
The book is great. I was reading it a few WEEKS ago and really enjoyed it. Most probably we should encourage practical programmers to write more books like this. The book I've read before this one (I don't even remember the name) was so boring and abstract that I didn't even finish the first chapter. This one, though, is pretty down to earth and practical. Thumbs up!
November 7, 2022
Amazing source of information, well written and thought provoking. I will defined share it with others so we can all build a more secure web for everyone.
November 23, 2019
What can I say?
It's my holy textbook..
It's my holy textbook..
May 11, 2021
Excellent book full of useful code. Concisely written, highly recommended.
September 28, 2014
It's taken me a while to write a review of “Iron-Clad Java: Building Secure Web Applications” because it motivated me to fix two security vulnerabilities in CodeRanch – clickjacking and brute force login. (and I didn't want to post this review until they were deployed)
The concepts were explained clearly in addition to tactics and patterns/anti-patterns. I particularly liked the emphasis on security vs usability. The explanation for the different types of XSS attacks and using encoding appropriate to the context was excellent. I like that there was a whole chapter on logging.
I learned a lot reading this book; even about topics I thought I knew a lot about. I hadn't known oWASP had an HTML validator. I hadn't heard of null byte attacks.
For many of the vulnerabilities, the book suggests libraries you can use to help. I hadn't heard of Apache Shiro. I was surprised OWASP's CSRF filter wasn't mentioned though.
The book targets Java developers, project managers, web security penetration testers and technical managers. I was skeptical that a book with so much code could be useful to managers. After reading the book, I'm convinced. Skipping over the coding sections gives managers an appreciation and the vocabulary for discussion security with their staff.
If you have a web app, you should definitely get this book.
---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
The concepts were explained clearly in addition to tactics and patterns/anti-patterns. I particularly liked the emphasis on security vs usability. The explanation for the different types of XSS attacks and using encoding appropriate to the context was excellent. I like that there was a whole chapter on logging.
I learned a lot reading this book; even about topics I thought I knew a lot about. I hadn't known oWASP had an HTML validator. I hadn't heard of null byte attacks.
For many of the vulnerabilities, the book suggests libraries you can use to help. I hadn't heard of Apache Shiro. I was surprised OWASP's CSRF filter wasn't mentioned though.
The book targets Java developers, project managers, web security penetration testers and technical managers. I was skeptical that a book with so much code could be useful to managers. After reading the book, I'm convinced. Skipping over the coding sections gives managers an appreciation and the vocabulary for discussion security with their staff.
If you have a web app, you should definitely get this book.
---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
January 19, 2015
An excellent book about java security that covers the most important aspects of code security. The book also suggests multiple security libraries for security operations (not bounded by a technology provider).
Displaying 1 - 6 of 6 reviews