Title: Core Security Patterns
Author(s): Christopher Steel, Ramesh Nagappan, Ray Lai
Publisher: Prentice Hall
I recommend this book for everyone who wants to know everything about security in Java applications. I like “Chapter 1: Security by Default” and “Chapter 2: Basics of Security”; they are a good introduction to security concepts.
I found in this book a better way to express what I always think about the way some sysadmins take care of security… they only pay attention to application security!
Most security administrators focus on network and infrastructure security and tend to ignore application-specific and content-level vulnerabilities. This leads to application and content-level attacks such as malicious code injection, cross-site scripting, XML attacks, and so on.
It shows some interesting best practices and strategies to secure Java applications and also web services. If you take care of security, you must buy this book.