Now used by course INFSCI 2935, Developing Secure Systems, University of Pittsburgh, School of Information Sciences
From the Preface
The state of affairs in the world of custom application development is nothing short of a crisis. Consider these facts:
The average programmer is woefully untrained in basic principles related to reliability and security.
The tools available to programmers are woefully inadequate to expect that the average programmer can produce reliable and secure applications.
Organizations that procure applications are woefully unaware of this state of affairs, and take far too much for granted with regard to security and reliability.
This book attempts to bring awareness of these issues to the mainstream software development community, and tries to provide developers with basic principles and techniques that can be applied to the development of business applications. Today’s dynamic development environment—driven by a desire for agility, responsiveness, and low cost—can adopt these techniques to improve their processes.
Who This Book Is For
This is not a programming book. It has little code in it, and the patterns are abstractly expressed. It is also not a book about hacking. Hacking is inherently technology specific. This book is about fundamentals, and its intent is to help lay a foundation from which the reader can begin the journey of understanding how reliable and secure applications can be designed and implemented.
This book is written for the practicing software application architect who works in a business application design and programming environment. It is also written for lead designers and technical managers in such an environment, as well as those who manage IT organizations and are somewhat technically inclined.
Other Work Related to Vulnerability and Attack Taxonomies
Defining Java Permission Models:
IBM: Tivoli Access Manager
BEA: Using Java Security to Protect WebLogic Resources