Enjoy fast, free delivery, exclusive deals, and award-winning movies & TV shows.
$32.78 with 26 percent savings
List Price: $44.00
Get Fast, Free Shipping with Amazon Prime FREE Returns
FREE delivery Wednesday, July 9 on orders shipped by Amazon over $35
Or Prime members get FREE delivery Monday, July 7. Order within 19 hrs 14 mins.
In Stock
$$32.78 () Includes selected options. Includes initial monthly payment and selected options. Details
Price
Subtotal
$$32.78
Subtotal
Initial payment breakdown
Shipping cost, delivery date, and order total (including tax) shown at checkout.
Ships from
Amazon.com
Amazon.com
Ships from
Amazon.com
Sold by
Amazon.com
Amazon.com
Sold by
Amazon.com
Payment
Secure transaction
Your transaction is secure
We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more
Kindle app logo image

Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet, or computer - no Kindle device required.

Read instantly on your browser with Kindle for Web.

Using your mobile phone camera - scan the code below and download the Kindle app.

QR code to download the Kindle App

Follow the authors

August Detlefsen
Follow
Jim Manico
Follow
Something went wrong. Please try your request again later.

Iron-Clad Java: Building Secure Web Applications (Oracle Press) 1st Edition

by Jim Manico (Author), August Detlefsen (Author)
4.5 out of 5 stars 54 ratings
{"desktop_buybox_group_1":[{"displayPrice":"$32.78","priceAmount":32.78,"currencySymbol":"$","integerValue":"32","decimalSeparator":".","fractionalValue":"78","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"TvtRtTO8qsHk9FRzDjMQXzKembsCt2xRSMB%2B8Asa45HD7ZHD7SzX0pWGIACz4P%2FYzJ0M7hpI7aGmWMn9RLF6T%2BD5CE%2Bu5ROcbzqs27ZxHSCTuBtkPbpwtD%2B9dBjCiIeuk%2BV%2FX%2F8x%2BCLeHGWZRXuuJw%3D%3D","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}]}

Purchase options and add-ons

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


Proven Methods for Building Secure Java-Based Web Applications

Develop, deploy, and maintain secure Java applications using the expert techniques and open source libraries described in this Oracle Press guide. Iron-Clad Java presents the processes required to build robust and secure applications from the start and explains how to eliminate existing security bugs. Best practices for authentication, access control, data protection, attack prevention, error handling, and much more are included. Using the practical advice and real-world examples provided in this authoritative resource, you'll gain valuable secure software engineering skills.

  • Establish secure authentication and session management processes
  • Implement a robust access control design for multi-tenant web applications
  • Defend against cross-site scripting, cross-site request forgery, and clickjacking
  • Protect sensitive data while it is stored or in transit
  • Prevent SQL injection and other injection attacks
  • Ensure safe file I/O and upload
  • Use effective logging, error handling, and intrusion detection methods
  • Follow a comprehensive secure software development lifecycle

"In this book, Jim Manico and August Detlefsen tackle security education from a technical perspective and bring their wealth of industry knowledge and experience to application designers. A significant amount of thought was given to include the most useful and relevant security content for designers to defend their applications. This is not a book about security theories, it’s the hard lessons learned from those who have been exploited, turned into actionable items for application designers, and condensed into print." ―From the Foreword by Milton Smith, Oracle Senior Principal Security Product Manager, Java

Read more
Previous slide of product details
  1. ISBN-10
    0071835881
  2. ISBN-13
    978-0071835886
  3. Edition
    1st
  4. Publisher
    McGraw Hill
  5. Publication date
    September 9, 2014
  6. Part of series
    Oracle Press
  7. Language
    English
  8. Dimensions
    7.4 x 0.7 x 9.1 inches
  9. Print length
    304 pages
Next slide of product details

From the brand

Previous page

  2. As a leading global education company, our mission is to partner with educators, learners, and professionals to help them access all the value that education can offer, no matter where their starting points may be.

    For over 130 years, we have never stopped innovating to meet the ever-changing needs of educators and learners around the world – and will continue to support and celebrate their efforts every step of the way.

  3. Lifelong learner
Next page

Editorial Reviews

From the Publisher

Jim Manico (Hawaii) is an independent software security educator. He has more than 18 years' experience with the Java programming language. Jim is also a global board member for the OWASP foundation.

August Detlefsen (San Francisco, CA) is a senior application security consultant with more than 18 years’ experience in software development, enterprise application architecture, and information security. He is an active member of OWASP.

About the Author

Jim Manico (Hawaii) is an independent software security educator. He has more than 18 years' experience with the Java programming language. Jim is also a global board member for the OWASP foundation.

August Detlefsen (San Francisco, CA) is a senior application security consultant with more than 18 years’ experience in software development, enterprise application architecture, and information security. He is an active member of OWASP.

Product details

  • Publisher ‏ : ‎ McGraw Hill
  • Publication date ‏ : ‎ September 9, 2014
  • Edition ‏ : ‎ 1st
  • Language ‏ : ‎ English
  • Print length ‏ : ‎ 304 pages
  • ISBN-10 ‏ : ‎ 0071835881
  • ISBN-13 ‏ : ‎ 978-0071835886
  • Item Weight ‏ : ‎ 1.15 pounds
  • Dimensions ‏ : ‎ 7.4 x 0.7 x 9.1 inches
  • Part of series ‏ : ‎ Oracle Press
  • Customer Reviews:
    4.5 out of 5 stars 54 ratings

About the authors

Follow authors to get new release updates, plus improved recommendations.
Previous page
  1. August Detlefsen

    August Detlefsen

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    August Detlefsen is a Senior Application Security Consultant with more than eighteen years experience in Software Development, Enterprise Application Architecture and Information Security. August works with major clients in financial services, mobile and e-commerce, and technology to secure web properties from potential threats. His consulting services include offensive and defensive training, source code and infrastructure reviews, penetration testing, threat modeling, gap analysis, and architecture of software security controls. August is a graduate of Dartmouth College and an active member of OWASP. He has contributed to several open source security libraries which provide web developers with APIs for building robust applications. August also enjoys developing tools to assist penetration testers, including Burp Suite extensions to test specific web frameworks and actively and passively detect vulnerabilities.

    For more information about August, see https://www.codemagi.com

    See more on the author's page
  2. Jim Manico

    Jim Manico

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Jim Manico is an author and educator of developer security awareness trainings. He is a frequent speaker on secure software practices and is a member of the JavaOne "rockstar hall of fame". He has a 18+ year history building software as a developer and architect. Jim is also a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series, https://www.owasp.org/index.php/OWASP_Java_Encoder_Project and https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project all of which help Java developers build secure applications. Jim also lives on the island of Kauai with his wonderful wife Tracey. For more information, see http://www.linkedin.com/in/jmanico.

    See more on the author's page
Next page

Customer reviews

4.5 out of 5 stars
54 global ratings

Review this product

Share your thoughts with other customers
Write a customer review

Customers say

Customers appreciate the book's knowledge level, with one review highlighting its comprehensive coverage of essential topics and practical code examples. Moreover, the writing style receives positive feedback, with customers noting its inviting and conversational tone.

Select to learn more

Knowledge levelEnjoymentWriting style
5 customers mention "Knowledge level"5 positive0 negative

Customers appreciate the book's knowledge level, with one customer noting its concise coverage of essential topics and practical examples, while another mentions how it builds a framework for understanding complex concepts.

"...This book makes no assumptions. It builds a framework for understanding complex and sometimes intimidating concepts so that every reader can fully..." Read more

"...on current secure software development best practices, this book is invaluable...." Read more

"...Great practical examples that I found easy to follow and to implement...." Read more

"This is a must-have book for anyone architecting or developing webapps in Java...." Read more

4 customers mention "Enjoyment"4 positive0 negative

Customers find the book engaging and amazing, with one mentioning that it makes security topics enjoyable to read.

"...The style is conversational and very enjoyable. It makes reading about security fun while presenting key information that every developer needs to..." Read more

"This is amazing book, for busy developer who don't have a lot of time, this book cover most security issues you might have while developing..." Read more

"Great book by two knowledgeable fellows in web security...." Read more

"A brilliant book that I wish I had a few years ago...." Read more

4 customers mention "Writing style"4 positive0 negative

Customers appreciate the writing style of the book, finding it inviting and conversational.

"Let me first start out by complementing the authors on the writing style. The book is actually engaging...." Read more

"...The writing style stays conversational, while delivering the specific facts a developer needs to implement the recommendations." Read more

"...The writing style is also great. That being said, I don't like so much the presentation of CSRF...." Read more

"...Their writing style is very inviting; it reminds me of the style used by W. Richard Stevens in TCP/IP Illustrated." Read more

Top reviews from the United States

  • David E. Waldrop
    5.0 out of 5 stars Iron-Clad Java should be required reading for every Java developer!
    Reviewed in the United States on June 4, 2015
    Format: PaperbackVerified Purchase
    Let me first start out by complementing the authors on the writing style. The book is actually engaging. The style is conversational and very enjoyable. It makes reading about security fun while presenting key information that every developer needs to understand.

    This book makes no assumptions. It builds a framework for understanding complex and sometimes intimidating concepts so that every reader can fully grasp and own that material. Topics are then further explored with code examples as well as references to projects (i.e. OWASP HTML Validator, Shiro, etc.) so that the reader can apply what has been presented.

    One of the things that I really like about the book is the presentation of anti-patterns as well as positive patterns. The authors take the time to show you both the approaches that do not work as well as ones that will! This is crucial as many of the bad approaches (anti-patterns) are solutions that are often seen in real-world situations. The authors explain why the anti-patterns are weak and then present solutions that will work!

    The breadth of the topic matter is superb. The OWASP top 10 vulnerabilities are well represented in this book. However, it goes beyond the theoretical and covers topics that have an immediate impact to actual projects. I recently found myself pointing a fellow developer to the chapter on Safe File Upload and File I/O.

    This book is very approachable and would be appropriate anyone in application development, project management, information security, or upper management.

    This is absolutely a must-read for developers in industries that deal with personal, financial, or medical information.

    I highly recommend this book!
    One person found this helpful
    Helpful
     Report
  • R. Perris
    5.0 out of 5 stars If you are looking for advice on current secure software development best practices, this book is invaluable
    Reviewed in the United States on September 4, 2014
    Format: PaperbackVerified Purchase
    Concise coverage of all the essential topics. Iron-Clad Java is a winner. If you are looking for advice on current secure software development best practices, this book is invaluable. The writing style stays conversational, while delivering the specific facts a developer needs to implement the recommendations.
    7 people found this helpful
    Helpful
     Report
  • Georgios Mournos
    4.0 out of 5 stars I really liked this book, but ...
    Reviewed in the United States on December 26, 2014
    Format: KindleVerified Purchase
    I really liked this book. It brings a lot of issues together, than one otherwise should look up in too many different sources.
    The writing style is also great.

    That being said, I don't like so much the presentation of CSRF. I believe the discussion of this problem should start by describing the "same-origin policy", cos this is where the problem but also the solutions start. CSRF is a case where the "same-origin policy" does not apply. The "Synchronizer token" offers effective protection cos the attacker cannot retrieve the token by doing a GET request before the POST request that would submit the token,because of the "same-origin policy". And in the "double submit cookies" solution, the attacker cannot read any data sent from the server or modify cookie values, per the same-origin policy, and not because the cookie is HttpOnly, as the authors put it. On the contrary, this cookie should not be HttpOnly, so that javascript frameworks such as AngularJS and DWR can manipulate it.
    I think that the chapter of CSRF should be rewritten around the "same-origin policy".

    One other place I disagree with the authors is the presentation of the "Insecure Direct Object Reference" Attack as a special case of SQL injection. Specifically, the authors present a special case of SQL injection where the injected part is the "order by clause" as the "Insecure Direct Object Reference" Attack. However, the later is not related to SQL injection.
    5 people found this helpful
    Helpful
     Report
  • Buhle
    5.0 out of 5 stars A brilliant book that I wish I had a few years ago.
    Reviewed in the United States on January 7, 2015
    Format: KindleVerified Purchase
    I couldn't put the book down, as I found a lot of things that I will incorporate in my next projects.
    Great practical examples that I found easy to follow and to implement.

    I particularly liked the explanation on the anti-patterns and the reason for their inadequacy when used exclusively(e.g. Black list validation).

    I was pleasantly surprised to find the topic that covers authorization approaches other than the usual role-based approach. The book does justice in covering different authorization approaches and also looking at what modern applications will begin to need, which pure role-based approaches fall short on.

    All in all, I enjoyed all the chapters in this book. I continue to re-read topics of interest from some chapters, to make sure that the lessons become part of how I approach all my future projects.
    2 people found this helpful
    Helpful
     Report
  • Amazon Customer
    5.0 out of 5 stars This is amazing book, for busy developer who don't have a ...
    Reviewed in the United States on March 19, 2018
    Format: PaperbackVerified Purchase
    This is amazing book, for busy developer who don't have a lot of time, this book cover most security issues you might have while developing
    web application in java, and explain how hackers think and exploit weak area in application, and then give you all available ways to defense against.
    Helpful
     Report
  • Steve Springett
    5.0 out of 5 stars This is a must-have book for anyone architecting or developing ...
    Reviewed in the United States on October 23, 2014
    Format: PaperbackVerified Purchase
    This is a must-have book for anyone architecting or developing webapps in Java. The advice is solid, un-biased, and framework agnostic, so the lessons learned from it should apply to any project. The takeaways from reading it will be a solid understanding of what is wrong with many webapps (in general) and corrective measures you can take to mitigate the issues. I highly encourage dev teams to collaborate on the examples in the book.
    7 people found this helpful
    Helpful
     Report
  • Irry
    5.0 out of 5 stars Great book by two knowledgeable fellows in web security
    Reviewed in the United States on October 19, 2014
    Format: PaperbackVerified Purchase
    Great book by two knowledgeable fellows in web security. Their writing style is very inviting; it reminds me of the style used by W. Richard Stevens in TCP/IP Illustrated.
    One person found this helpful
    Helpful
     Report
  • Len
    1.0 out of 5 stars Warning -- You get what you pay for.
    Reviewed in the United States on March 11, 2015
    Format: PaperbackVerified Purchase
    I wouldn't waste my $$$ on this book if I needed something that would help me to my job. I does not have enough information in it to do the job. It is more of a very high level, secondary reference book, which tells you where to go, rather than giving you what you need to know to do the job.
    I should have known by the price that it would not do the job; i.e., $28.95....
    I have 50 to 75 good software technical books in my reference library and most of which cost at least $40+ to $60+.
    2 people found this helpful
    Helpful
     Report

Top reviews from other countries

Translate all reviews to English
  • Wizard
    5.0 out of 5 stars Regalo perfetto per un buon collega
    Reviewed in Italy on March 8, 2019
    Format: PaperbackVerified Purchase
    Ho acquistato questo libro per un collega, che cambiando azienda, si sarebbe occupato delle tematiche ivi trattate.
    Un ottimo e apprezzato regalo di arrivederci.
    Report
  • prakash varma
    4.0 out of 5 stars Four Stars
    Reviewed in India on November 23, 2014
    Format: PaperbackVerified Purchase
    Every Java web application developer should have this book.
    Report
  • Vasile Gorcinschi
    5.0 out of 5 stars Excellent book! The only suggestions would be to include ...
    Reviewed in Canada on September 5, 2016
    Format: PaperbackVerified Purchase
    Excellent book! The only suggestions would be to include a greater coverage of Spring Security (and securing thymeleaf views against csfr attacks) and Apache Shiro. And to update examples that are based on the frameworks which are on the slope of popularity (Struts) in favor of more popular ones. But even without that it remains a must read for Java developers.
    Report
  • laurent marot
    4.0 out of 5 stars indispensable synthèse pour tout DEVSEC java
    Reviewed in France on October 31, 2014
    Format: PaperbackVerified Purchase
    Livre à la fois synthétique et pointu.
    Bonne source complémentaire de code à associer aux ressources traditionnelles de l'OWASP.
    Dommage que le code des exemples ne soit pas disponible en téléchargement
    Report