Andre's Security Links

Andre's Home
Web
Java JAAS
EJB
PKI
Kerberos
SSL
Web Services
SAML
EJB Misc

General

Internet Security Special - eWeek - March 2006
SANS Security Whitepapers
CERT - CERT Coordination Center - Carnegie Mellon
devX Security
W3 Security FAQ - Lincoln Stein
SiteAdvisor - Crawler
Yahoo Computer Security
ESJ Security Latest News - Access
- Top Ten Security Trends for 2005 - Dec. 2004
Web Security page - Best Practices - Sun Dot-Com Builder - good articles
Overview of Security Standards - Oracle OTN -
Secure Shell - SSH
JavaRanch Security
Vordel tutorial: XML Security - FAQ
Dev Shed Security Articles Index
Phil Zimmerman - PGP inventor
Security Analysis & Design - November 2000
Network Security - UNIX Review - April 1999

Web Security

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html - J2EE 1.4 Tutorial
- Servlets
- Security
Security in the Web-Tier - Sun 1.3 trail
Web Services Tutorial Security 1.3
- Web Services Tutorial Security 1.3
- Installing SSL
Securing Web Applications - Sun ONE 7 - Ch. 5

EJB Security

WebLogic 7.0 Security - FAQ
Enterprise Java Security Fundamentals - InformIT book sample chapter
J2EE Security - InformIT book sample chapter - Nov. 2003
EJB Security
- Integrate security infrastructure with JBossSX - JavaWorld - Aug. 2001
- Customized EJB Security with JBoss - JavaWorld - Feb 2002
- Best Practices for EJB Security - WebSphere magazine
WebSphere and IBM Security
- WebSphere Application Server V5 advanced security and system hardening - Botzum - June 2004 - Good!
- Tivoli and IBM Security
- Securing applications and their environment - WebSphere 6.0 - InfoCenter
- Welcome to Security - WebSphere 5.1 - InfoCenter
- Security challenges for Enterprise Java in an e-business environment - IBM - Oct 2000

Java Security

JAAS
- Sun Developers - Java Security Articles
  - Secure Internet Programming - Server Side
  - Secure Internet Programming - Client Side
  - Password Masking - Sep. 2002
- Java Olympus Seucurity Articles
- JAAS 1.0 Home Page - FAQ - Doc - Tech Articles
- Documentation
- Secure Internet Programming with J2SE 1.4 - JDC - Nov. 2002
- LoginContext example - WebSphere 5.1 InfoCenter
Sun Java Security
- Security 1.2 Tutorial
- Archives of java-security@sun.com
Cryptography
- JCE
- How to Implement a Provider for the JavaTM Cryptography Extension in JDK 1.4
- Bouncy Castle - JCE and JCA crypto API
- PrimeFactors
- Triple DES
Authentication
- Build and implement a single sign-on solution - IBM - Sep. 2003
- Securing Systems: A three-pronged solution for identifying users - July 2001
JavaWorld Security Articles
- Mix protocols transparently in Web applications - Feb 2002
- Construct secure networked applications with certificates - January 2001
- Java security evolution and concepts, Part 1: Security nuts and bolts - April 2000
- Secure a Web application, Java-style - April 2000
Other
- O'Reilly Java Security articles
- Integrate securoty infrastructure with JBossSX - JavaWorld - Aug. 2001
- free.tagish.net - JAAS module for NT authentication
- O'Reilly JAAS tutorial [PDF of PPT]
- Java Blueprints Security excerpt
- A White Paper on Authentication and Access Management Issues
- Saffeine - JCA - provide feature driven license

SSL

Introduction to SSL - Netscape

Kerberos

PKI

The PKI Page
Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure - 2000
Understanding PKI - Verisign

Certificates

Digital Certificates Get Pentagon, Regulatory Boost - Eenterprise Systems - Sep 2004 - Good

Malware

Worst Browser Threats May Not be Security Holes - May 2005

Vendors

Verisign
Netegrity - Secure e-commerce
Entegrity - Secure B2B & EJB solutions
Concept 5

Betting Markets

Prediction Market - Wikipedia
Hollywood Stock Exchange - Wikipedia

Misc

HTTP Authentication - RFC 2617

Last updated: 25 October 2006