Iron-Clad Java: Building Secure Web Applications (Oracle Press) 1st Edition

4.5 4.5 out of 5 stars 53 ratings

Proven Methods for Building Secure Java-Based Web Applications

Develop, deploy, and maintain secure Java applications using the expert techniques and open source libraries described in this Oracle Press guide. Iron-Clad Java presents the processes required to build robust and secure applications from the start and explains how to eliminate existing security bugs. Best practices for authentication, access control, data protection, attack prevention, error handling, and much more are included. Using the practical advice and real-world examples provided in this authoritative resource, you'll gain valuable secure software engineering skills.

  • Establish secure authentication and session management processes
  • Implement a robust access control design for multi-tenant web applications
  • Defend against cross-site scripting, cross-site request forgery, and clickjacking
  • Protect sensitive data while it is stored or in transit
  • Prevent SQL injection and other injection attacks
  • Ensure safe file I/O and upload
  • Use effective logging, error handling, and intrusion detection methods
  • Follow a comprehensive secure software development lifecycle

"In this book, Jim Manico and August Detlefsen tackle security education from a technical perspective and bring their wealth of industry knowledge and experience to application designers. A significant amount of thought was given to include the most useful and relevant security content for designers to defend their applications. This is not a book about security theories, it’s the hard lessons learned from those who have been exploited, turned into actionable items for application designers, and condensed into print." ―From the Foreword by Milton Smith, Oracle Senior Principal Security Product Manager, Java



Editorial Reviews

From the Publisher

Jim Manico (Hawaii) is an independent software security educator. He has more than 18 years' experience with the Java programming language. Jim is also a global board member for the OWASP foundation.

August Detlefsen (San Francisco, CA) is a senior application security consultant with more than 18 years’ experience in software development, enterprise application architecture, and information security. He is an active member of OWASP.

Product details

  • Publisher: McGraw Hill; 1st edition (September 9, 2014)
  • Language: English
  • Paperback: 304 pages
  • ISBN-10: 0071835881
  • ISBN-13: 978-0071835886
  • Item Weight: 1.14 pounds
  • Dimensions: 7.4 x 0.7 x 9.1 inches
  • Customer Reviews: 4.5 out of 5 stars, 53 ratings

Customer reviews

4.5 out of 5 stars
53 global ratings

Top reviews from the United States

Reviewed in the United States on June 4, 2015
Let me first start out by complimenting the authors on the writing style. The book is actually engaging. The style is conversational and very enjoyable. It makes reading about security fun while presenting key information that every developer needs to understand.

This book makes no assumptions. It builds a framework for understanding complex and sometimes intimidating concepts so that every reader can fully grasp and own that material. Topics are then further explored with code examples as well as references to projects (i.e. OWASP HTML Validator, Shiro, etc.) so that the reader can apply what has been presented.

One of the things that I really like about the book is the presentation of anti-patterns as well as positive patterns. The authors take the time to show you both the approaches that do not work as well as ones that will! This is crucial as many of the bad approaches (anti-patterns) are solutions that are often seen in real-world situations. The authors explain why the anti-patterns are weak and then present solutions that will work!

The breadth of the topic matter is superb. The OWASP top 10 vulnerabilities are well represented in this book. However, it goes beyond the theoretical and covers topics that have an immediate impact to actual projects. I recently found myself pointing a fellow developer to the chapter on Safe File Upload and File I/O.

This book is very approachable and would be appropriate for anyone in application development, project management, information security, or upper management.

This is absolutely a must-read for developers in industries that deal with personal, financial, or medical information.

I highly recommend this book!
One person found this helpful
Reviewed in the United States on September 4, 2014
Concise coverage of all the essential topics. Iron-Clad Java is a winner. If you are looking for advice on current secure software development best practices, this book is invaluable. The writing style stays conversational, while delivering the specific facts a developer needs to implement the recommendations.
7 people found this helpful
Reviewed in the United States on December 26, 2014
I really liked this book. It brings a lot of issues together that one otherwise would have to look up in too many different sources.
The writing style is also great.

That being said, I don't like so much the presentation of CSRF. I believe the discussion of this problem should start by describing the "same-origin policy", cos this is where the problem but also the solutions start. CSRF is a case where the "same-origin policy" does not apply. The "Synchronizer token" offers effective protection cos the attacker cannot retrieve the token by doing a GET request before the POST request that would submit the token, because of the "same-origin policy". And in the "double submit cookies" solution, the attacker cannot read any data sent from the server or modify cookie values, per the same-origin policy, and not because the cookie is HttpOnly, as the authors put it. On the contrary, this cookie should not be HttpOnly, so that javascript frameworks such as AngularJS and DWR can manipulate it.
I think that the chapter of CSRF should be rewritten around the "same-origin policy".

One other place I disagree with the authors is the presentation of the "Insecure Direct Object Reference" Attack as a special case of SQL injection. Specifically, the authors present a special case of SQL injection where the injected part is the "order by clause" as the "Insecure Direct Object Reference" Attack. However, the latter is not related to SQL injection.
5 people found this helpful
Reviewed in the United States on January 7, 2015
I couldn't put the book down, as I found a lot of things that I will incorporate in my next projects.
Great practical examples that I found easy to follow and to implement.

I particularly liked the explanation on the anti-patterns and the reason for their inadequacy when used exclusively(e.g. Black list validation).

I was pleasantly surprised to find the topic that covers authorization approaches other than the usual role-based approach. The book does justice in covering different authorization approaches and also looking at what modern applications will begin to need, which pure role-based approaches fall short on.

All in all, I enjoyed all the chapters in this book. I continue to re-read topics of interest from some chapters, to make sure that the lessons become part of how I approach all my future projects.
2 people found this helpful
Reviewed in the United States on March 19, 2018
This is an amazing book for busy developers who don't have a lot of time. This book covers most security issues you might have while developing web applications in Java, explains how hackers think and exploit weak areas in an application, and then gives you all the available ways to defend against them.
Reviewed in the United States on October 23, 2014
This is a must-have book for anyone architecting or developing webapps in Java. The advice is solid, un-biased, and framework agnostic, so the lessons learned from it should apply to any project. The takeaways from reading it will be a solid understanding of what is wrong with many webapps (in general) and corrective measures you can take to mitigate the issues. I highly encourage dev teams to collaborate on the examples in the book.
7 people found this helpful
Reviewed in the United States on October 19, 2014
Great book by two knowledgeable fellows in web security. Their writing style is very inviting; it reminds me of the style used by W. Richard Stevens in TCP/IP Illustrated.
One person found this helpful
Reviewed in the United States on March 11, 2015
I wouldn't waste my $$$ on this book if I needed something that would help me do my job. It does not have enough information in it to do the job. It is more of a very high level, secondary reference book, which tells you where to go, rather than giving you what you need to know to do the job.
I should have known by the price that it would not do the job; i.e., $28.95....
I have 50 to 75 good software technical books in my reference library and most of which cost at least $40+ to $60+.
2 people found this helpful

Top reviews from other countries

Vasile Gorcinschi
5.0 out of 5 stars Excellent book! The only suggestions would be to include ...
Reviewed in Canada on September 5, 2016
Excellent book! The only suggestions would be to include a greater coverage of Spring Security (and securing thymeleaf views against CSRF attacks) and Apache Shiro. And to update examples that are based on the frameworks which are on the slope of popularity (Struts) in favor of more popular ones. But even without that it remains a must read for Java developers.
prakash varma
4.0 out of 5 stars Four Stars
Reviewed in India on November 23, 2014
Every Java web application developer should have this book.
laurent marot
4.0 out of 5 stars Indispensable synthesis for any Java DEVSEC
Reviewed in France on October 31, 2014
A book that is both concise and sharp.
A good complementary source of code to pair with the traditional OWASP resources.
A pity that the example code is not available for download.