Professional Java Security

<<Professional Java Security>> is a wonderful guideline for java security developer.

It covers the following topics, any problem please refer to the book:

1. Overview of enterprise security issues, defining a security policy,
2. Java security features, support for security in Java code (accessibility, serialization, sealed JAR files, and privileged code),
3. introduction to cryptography and encryption,
4. introduction to symmetric and asymmetric encryption, authentication,
5. the Java Cryptography Architecture (JCA),
6. the Java Cryptography Extension (JCE),
7. symmetric encryption with Java (including password-based encryption, ciphers, and sealed objects),
8. asymmetric encryption in Java (including file encryption with RSA),
9. message digests,
10. digital signatures,
11. digital certificates,
12. signing JAR files (permissions and applets),
13. additional security in Java with servlets and EJB,
14. the Java Authentication and Authorization Service (JAAS),
15. using SSL in Java applications,
16. securing JDBC database connections,
17. case study for a secure online banking application, building a custom JCE provider (using the RSA algorithm),
18. dditional security techniques (securing e-mail, timestamping, secure logging, using a nonce)