<<Professional Java Security>> is a wonderful guide for Java security developers.
It covers the following topics; for any problem, please refer to the book:
- Overview of enterprise security issues, defining a security policy,
- Java security features, support for security in Java code (accessibility, serialization, sealed JAR files, and privileged code),
- introduction to cryptography and encryption,
- introduction to symmetric and asymmetric encryption, authentication,
- the Java Cryptography Architecture (JCA),
- the Java Cryptography Extension (JCE),
- symmetric encryption with Java (including password-based encryption, ciphers, and sealed objects),
- asymmetric encryption in Java (including file encryption with RSA),
- message digests,
- digital signatures,
- digital certificates,
- signing JAR files (permissions and applets),
- additional security in Java with servlets and EJB,
- the Java Authentication and Authorization Service (JAAS),
- using SSL in Java applications,
- securing JDBC database connections,
- case study for a secure online banking application, building a custom JCE provider (using the RSA algorithm),
- additional security techniques (securing e-mail, timestamping, secure logging, using a nonce)