- Series: Oracle Press
- Paperback: 304 pages
- Publisher: McGraw-Hill Education; 1 edition (September 9, 2014)
- Language: English
- ISBN-10: 0071835881
- ISBN-13: 978-0071835886
- Product Dimensions: 7.4 x 0.7 x 9.1 inches
- Shipping Weight: 7 ounces
- Average Customer Review: 19 customer reviews
- Amazon Best Sellers Rank: #818,949 in Books
Iron-Clad Java: Building Secure Web Applications (Oracle Press) 1st Edition
About the Author
Jim Manico (Hawaii) is an independent software security educator. He has more than 18 years' experience with the Java programming language. Jim is also a global board member for the OWASP foundation.
August Detlefsen (San Francisco, CA) is a senior application security consultant with more than 18 years’ experience in software development, enterprise application architecture, and information security. He is an active member of OWASP.
Top customer reviews
The writing style is also great.
I think that the chapter of CSRF should be rewritten around the "same-origin policy".
One other place I disagree with the authors is the presentation of the "Insecure Direct Object Reference" attack as a special case of SQL injection. Specifically, the authors present a special case of SQL injection where the injected part is the "order by" clause as the "Insecure Direct Object Reference" attack. However, the latter is not related to SQL injection.
This book makes no assumptions. It builds a framework for understanding complex and sometimes intimidating concepts so that every reader can fully grasp and own that material. Topics are then further explored with code examples as well as references to projects (i.e. OWASP HTML Validator, Shiro, etc.) so that the reader can apply what has been presented.
One of the things that I really like about the book is the presentation of anti-patterns as well as positive patterns. The authors take the time to show you both the approaches that do not work as well as ones that will! This is crucial as many of the bad approaches (anti-patterns) are solutions that are often seen in real-world situations. The authors explain why the anti-patterns are weak and then present solutions that will work!
The breadth of the topic matter is superb. The OWASP top 10 vulnerabilities are well represented in this book. However, it goes beyond the theoretical and covers topics that have an immediate impact to actual projects. I recently found myself pointing a fellow developer to the chapter on Safe File Upload and File I/O.
This book is very approachable and would be appropriate for anyone in application development, project management, information security, or upper management.
This is absolutely a must-read for developers in industries that deal with personal, financial, or medical information.
I highly recommend this book!
Great practical examples that I found easy to follow and to implement.
I particularly liked the explanation of the anti-patterns and the reason for their inadequacy when used exclusively (e.g. blacklist validation).
I was pleasantly surprised to find the topic that covers authorization approaches other than the usual role-based approach. The book does justice in covering different authorization approaches and also looking at what modern applications will begin to need, which pure role-based approaches fall short on.
All in all, I enjoyed all the chapters in this book. I continue to re-read topics of interest from some chapters, to make sure that the lessons become part of how I approach all my future projects.
Since the OWASP Java Encoder project hasn't been getting updates recently, I am not sure how relevant it will be in this book a few years from now. Nevertheless, the idea of context-specific output encoding is covered well. I think the code examples need to be revised.
web application in Java, and explain how hackers think and exploit weak areas in an application, and then give you all available ways to defend against them.