Application Security Recipes for JAVA/JEE: A Problem-Solution Approach teaches how to build a highly secure and hack-resistant system using JAVA technology. This book provides end-to-end application security secrets and solutions. It provides a simplified and easy to follow approach to implement core security requirements (confidentiality, integrity, availability, authentication, authorization and accountability). When you start a new application development cycle or are working on existing legacy applications for the security aspects of the process, you can use the book as a catalog of ‘Security Best Practices’. The book content is organized in such a way that you feel you are working on system security at every phase of a software development life cycle (SDLC) in keeping with business requirements. This book starts its presentation with risk management terminology because without a fundamental understanding of risk you may fail to define a secure system; then the presentation moves towards the following topics in the process: identify and capture security requirements, transform all the identified requirements to a secure design phase, and then validate the design with threat model concepts. Thereafter we give a detailed presentation of the ‘Java built-in Security Model’, secure coding guidelines for Java, a presentation of various input injection attacks and web attacks, control injection attacks with input sanitization and output encoding, a detailed presentation of web services (SOAP/REST) security, validation and verification of all the security controls with ‘white-box’ and ‘black-box’ testing. Then, how to apply cryptosystem best-practices for application development, a presentation of cloud security and Android security, an introduction to the OWASP TOP 10 Risks for 2014 and the OWASP TOP 10 Mobile Risks for 2014 and finally a discussion of Spring framework's built-in security module is explored. The highlights of the book are:

• Input injection attacks & Web injection attack

• Threat modeling

• SOAP and RESTful web services security

• OAuth and SAML protocols

• Android Security & Cloud Security

This book guides you step-by-step through topics using complete and real-world code examples. Instead of theoretical descriptions on complex concepts, you will find live examples in this book. When you start a new project, you can follow the recipes to define end-to-end security aspects of a system.