Hacking Exposed J2EE & Java: Developing Secure Web Applications with Java Technology

$49.99 $34.99

  • Release Date: 24 September, 2002
  • Used Price: $10.77
  • Availability: Usually ships within 24 hours
  • Third Party Used Price: $10.76

Authors: Art Taylor, Brian Buege, Randy Layman

Similar Products

  • Hacking Exposed (TM) Web Applications (from $34.99)
  • Java Security (2nd Edition) (from $31.47)
  • Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition (from $34.99)
  • J2EE Security for Servlets, EJBs, and Web Services (from $34.99)
  • Web Hacking: Attacks and Defense (from $34.99)

Customer Rating: 3.8 of 5 (5 total reviews)

  • 3 stars: All you need is one URL: [java.sun website]

    This book is nicely put together and fairly complete, but is basically a regurgitation of the java.sun web site! Here is a sample of the JCE section in Hacking Exposed:
    "The Java Cryptography Extension (JCE) package provides a framework for encryption and decryption, key generation, key agreement, and MAC. Encryption allows symmetric, asymmetric, block, and stream ciphers, with additional support for secure streams and sealed objects."
    ...
    "The Java(TM) Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects."
    To be fair, I haven't read the entire book yet, but this is not the only plagiarized section. My litmus test? If I were back in school, would this be an honor code violation? You bet.

  • 5 stars: Comprehensive Java Security Book

    This is a very good book on Java security that starts pretty much from the ground up so you have to know much about security to read it. The first part of the book starts out with some of the Java security basics (classloading, protection domains, etc.) and then goes through the JAAS, JCE, and JSSE modules.

    The second part of the book goes through how to use security in standalone Java applications and what pitfalls you need to watch out for. The book also details where security is lacking or not mature and what the alternatives are.

    The third section of the book goes through security in the J2EE environment and where the J2EE containers can help out the developers by doing most of the work for them.

    Overall this book provides a very good overview of security in all the Java environments while not requiring previous security knowledge. I highly recommend it.

  • 1 star: Not a Hacking Exposed book at all

    If this book had been titled differently, I would have had no
    reason for complaint: it gives a good introduction to Java
    Security, and how to deploy it in various forms.

    But it *is* titled 'Hacking Exposed'. That is now taken
    to be an indication of a particular approach to security,
    ... The blurb
    acknowledges it: 'The proven Hacking Exposed methodology'
    is the first thing mentioned under 'What You Learn'.

    And I bought this title without second thought -- I have
    nothing but praise for the previous books, and expected
    to find the same approach and the same quality here.

    ...In this book you find a lot of information on prevention, but
    very little on actual vulnerabilities. As a result the
    message is far less urgent. If I can demonstrate a 'hack'
    the message gets across very quickly: we have to do something
    about it. Now. But if all I can do is point to a text that
    says 'attackers can potentially attach a debugger to our
    application and watch the code as it runs', urgency is gone.

    There's another point there as well: 'our application'.
    Those words probably sum up the difference from, say, 'Hacking
    Exposed Web Applications'. This book is not from the point of
    view of the hacker that the previous books used so well to get
    their message across. This is 'we', protecting our assets from
    a considerably more nebulous hacker than have appeared before.

    The difference is the same as between an actual security
    incident on one hand, and the report of a threat analysis on
    the other.

    In short, this is not a Hacking Exposed book. It's a Java
    Security Exposed book. As such it probably merits four stars.

    But ... as it is marketed as a Hacking Exposed book, and,
    in my opinion, doesn't live up to the expectations that go
    with that trademark, I'm afraid I can't give any rating at all.
    (1 star seems to be the lowest possible, so that is what I give it.)

    I'll be very careful about purchasing the next red book
    with "Hacking Exposed" all over the front cover. I just
    might find that I have bought 'Hacking Exposed - ISO 17799'.