Securing Java: Getting Down to Business with Mobile Code

This book is very informative, describes Java security model and its evolution in detail, in fact, in too much a detail to suit the advanced developers. It does not cover in detail how to write your own ClassLoader/SecurityManager and other security related components, so I would not recommend it to somebody wanting to rewrite the whole security model for an enterprise grade application, but this book surely covers a wide range of security basics which I find would be useful for anyone interested in security, not only for java developers. This books gives a detailed listing of kinds of security threats Java has faced since its inception and how they were plugged and while doing that it gives a good perspective how a system can be compromised or prevented from being so.

It is one of those few books, which captivates the reader to complete the book once he/she begins to read. Most of the contents can be understood by inexperienced Java programmers as well. It gives good leads to references in the area. It can be an eye opener to many people who donot understand the security and its importance.

IMHO, this book is an excellent conceptual overview which also goes into some practcial areas, such as signing applet with JDK1.1 and 1.2, IE & Netscape, SignTool, javakey, keytool, JARs and CABs, etc. Has pointers to many relevant resources on the net.But doesn't go into very details (only 315 pp.) and doesn't have any source code.

It covers all aspects of Java security from known bugs to the sandbox to the Java Card API and everything in between. The authors are well known security analysts and give you the straight dope on Java security (good and bad).The book is incredibly well researched and extremely accurate. On top of that the writing is excellent and won't put you to sleep as many security tomes will.This book is useful for anyone from novice users to managers to Java Programmers who are concerned about security. Anyone who is involved with or concerned about Java security should buy this book as it will provide them with the information that they need.