In this month's security roundup, we take a look at a topic that's near and dear to the hearts of a lot of us here at DZone: Java. One of the most ubiquitous languages in the programming world, Java security is on the most viewed article topics on our site. So, pull up a chair, get comfortable, and pour yourself a big, steaming cup of Java (security).
Become a Security Brew Master
- A Java Implementation of CSRF Mitigation Using 'Double Submit Cookie' Pattern by Adrian CITU. The goal of this article is to present an implementation of the "double submit cookie" pattern used to mitigate Cross-Site Request Forgery (CSRF) attacks. The proposed implementation is a Java filter plus a few auxiliary classes and it is (obviously) suitable for projects using the Java language as backend technology.
- Advanced Microservices Security With Spring and OAuth2 by Piotr Minkowski. Beginning from an API, the author walks us through the process of setting up a security architecture and implementing an authentication protocol for a Java-based web application.
- Easily Secure Your Spring Boot Applications With Keycloak by Sébastian Blanc. We take a look at how to install and work with an open-source server that's designed to secure Spring Boot- and Jave EE-based applications. The article also goes through the process of creating an application in using Keycloak and secure coding methods.
- Java Application Security Frameworks by Swathi Prasad. A quick look by a web developer at five frameworks that Java developers can use to add security protocols to their web applications. Designed to combat the vulnerabilities on the OWASP Top Ten, these applications make it a little easier to develop secure code and applications.
SecureLogin for Java Web Applications by Bozhidar Bozhanov. A tutorial on how to use this freely available and open source security platform to implement secure login platforms to your Java-based application. SecureLogin can also be used with Spring MVC and Spring Security Flow.
See What the Java Security Team Has to Say
- What Actions Can I Take to Increase the Security of Java? by the Java Team. A quick rundown of security tips and tricks and links to further resources put together by the Java team at Oracle.
- What Developers Need to Know About Java Security by the Java Team. A reference guide for Java developers looking to up their security game, and learn more about how to protect their code, applications, and other software.
Java RIA Security Checklist by Java Team. An overview of several changes to Java since Java 7's release, put together by the Java team, that goes over topics that affect security, such as the signing of JAR files and dealing with RIA's that cannot be modified.
Take a Deeper Dive Into Java Sec With Our Publications
The DZone Guide to Proactive Security: Apps, Environments, and Messaging, featuring articles by Boaz Shunami, Jeff Williams, Katie Strzempka, Chris Lamb, James Wickett, Ivan Dwyer, and Tom Smith. With the rise of high-profile ransomware and DDoS attacks comes a greater need than ever for powerful application security. The 2017 Guide to Proactive Security discusses the actions that experts are taking to combat the growing list of threats, and what developers can do to be proactive in securing their apps and processes.
Java Application Vulnerabilities RefCard by Ryan O'Leary. Java Applications, like any other, are susceptible to gaps in security. This Refcard focuses on the top vulnerabilities that can affect Java applications and how to combat them.
Java EE Security Essentials Refcard by Arjan Tijms and Masoud Kalali. The Java EE security specification supports a set of required security functionalities including authentication, authorization, data integrity, and transport security. This newly updated Refcard begins by introducing some common terms and concepts related to Java EE security such as identity stores and authentication mechanisms. We then explore authentication authorization, web module security, EJB module security, and application client security with in-depth examples.
Find Your Next Great Security Gig
Experience working with distributed systems and networking, JVB debugging, systems integration, as well as search, analytics, and Lucene. The chosen candidate will be responsible for designing and implementing internal security mechanisms to secure individual Elasticsearch clusters, as well as provide security for cross-cluster operations.