Software Security for Developers: With Examples in Java and Spring

Cloud applications have special security requirements and concerns. This book demonstrates effective real-world practices to keep your cloud and Kubernetes-deployed applications safe and sound.

It is a hands-on guide for working developers. It minimizes the abstract and complex security theory, instead focusing on the practices you need to secure applications running on Kubernetes and the cloud. In it, you'll learn how to take advantage of pre-built security services in your daily development. Authors Adib Saikali and Laurentiu Spilca take a developer-to-developer approach, sharing hard-won lessons from many years securing software in real-world environments. Easy-to-follow sample applications written in Java take you hands-on with security standards and protocols, turning complex concepts into practical solutions.

In this book you will learn how to:

- Configure industry standard security protocols correctly
- Quickly debug errors and exceptions form security libraries
- Utilize the developer-friendly Google Tink cryptography library
- Work with X.509 digital certificates for implementing application security
- Setup passwordless logins using the WebAuthentication protocol
- Implement single sign on using OpenID Connect protocol
- Establish authentication and authorization services using the Spring Authorization Server
- Make use of popular secret storage solutions including HashiCorp Vault, AWS KMS, Google KMS, and Azure Key Vault
- Use the security features of Kubernetes to secure deployed applications
- Securely containerize application code

About the technology

Despite its absolute importance, security practices can appear to be confusing, complex, and mysterious. This book breaks down the fundamentals of securing cloud-based applications in a way that's both practical and easy to understand. The goal is simple: you'll learn the concepts and practices you'll need to keep your cloud applications and data safe during development and after deployment.

About the book

Software Security for Developers demystifies complex security protocols, algorithms, and patterns, and demonstrates how to put them into practice in everyday development. This one-stop guide to all major security concepts will teach you how to rapidly debug security-related issues, and put an end to unreliable fixes.

Sample cloud applications help illustrate complex security ideas in a digestible and developer-friendly way. Discover how to use cryptographic algorithms correctly, liberate your users from constant passwords and logins, and make your life easier with prebuilt security from leading cloud key management vaults and services. By the time you're done, you'll know everything you need to keep your applications secure and your company's data safe.

About the reader

For intermediate Java developers ready to up their security skills.

About the author

Adib Saikali started his professional software development career in 1995. Over the past 25 years he has implemented security in a variety of applications. Adib is currently a principal solutions engineer at VMware Tanzu and a regular conference speaker.

Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning's Spring Start Here, Troubleshooting Java, and Spring Security in Action.