Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Index

Ability to verify (ATV) probability

abort method

Abstract Factory pattern

Abstract objects

Abstraction layers

Access control 2nd

     Assertion Builder pattern

     broken

     Business tier patterns 2nd

     DMTF

     EPAL

     for smart cards

     IETF Policy Management Working Group

     J2EE

     management services 2nd

     Parlay Group

     physical and logical

     Web services 2nd

Access control lists (ACLs)

     J2EE

     JMS

Access points in case study

AccessController class

Accountability, checklist for

Accounts. [See User account provisioning]

Accuracy of biometric verification

ACLs (access control lists)

     J2EE

     JMS

Actions in Parlay

Active RFID tags

Activities in Secure UP

Actors in use cases

Add operation in SPML

Add-on, security as

addListener method

AddResponse message

Administration

     in biometric systems

     in Web tier patterns

     reality checks for

Administrator privileges

Advanced Encryption Standard (AES) 2nd 3rd

Advice in SAML assertions

Advisory policies

Agent-based and agentless architecture for user account provisioning

Agent-based authentication 2nd

Agent-based policy enforcement

Aggregation, service

Alchemy of security design

     conclusion

     framework adoption

     rationale

     reality checks. [See Reality checks]

     refactoring

     references

     Secure UP

         artifacts in

         risk analysis

         trade-off analysis

     security patterns. [See Security patterns]

     service continuity and recovery

     testing

ALE (Annual Loss Expectancy) 2nd

Alerts

     SSL

     Web services patterns

AlgorithmParameter class

AlgorithmParameterGenerator class

Alteration attacks

     SAML

     Secure Logger pattern 2nd

Annual Loss Expectancy (ALE) 2nd

Anonymous EJB resources

AOP (Aspect Oriented Programming) techniques

Apache Struts

     in form validation XML

     in Web data validation

     with SecureBaseAction

     with SimpleFormAction

APDUs (Application Protocol Data Units)

APIs

     BioAPI

     CertPath

     JAAS

     Java

     Java Card

     JCA

     JCE

     JSSE

     SAAJ 2nd 3rd

     SASL

     Vendor-specific

Applets

     for smart cards

     Java Card

     signed

Appletviewers

Appliances

     firewall

     strategies for

     XML-aware

Application Controller

Application data messages in SSL

Application Protocol Data Units (APDUs)

Application Requests

Application security assessment model

Application Security Providers

Application-based authentication

Applications and application security

     access control

     as weakest links

     audit and logging

     authentication

     buffer overflow

     CLDC

     coding problems

     configuration data

     cross-site scripting

     data injection flaws

     data transit and storage

     deployment problems

     DOS and DDOS attacks

     encryption

     error handling

     in case study

     input validation failures

     Intercepting Web Agent pattern

     J2EE

     JSSE

     man-in-the-middle attacks

     multiple sign-ons

     output sanitation

     password exploits

     policies

     Secure Pipe pattern

     security provisioning patterns

     security tokens

     servers

         for biometrics

         for smart cards

         in use cases

     session identifiers

     session theft

     Web tier patterns

Applying security patterns

Architecture

     in case study 2nd

     in security patterns

         Authentication Enforcer

         Business tier

         Intercepting Validator

         Intercepting Web Agent

         Secure Base Action

         Secure Service Proxy

     inefficiencies

     J2EE

     J2ME

     Java

     Liberty Alliance

     patterns-driven security design

     personal identification systems

         biometrics

         smart cards

     risk analysis

     SAML 2nd

     Secure UP 2nd

     user account provisioning

         centralized model vs. decentralized

         components of

         logical

     Web services

     XACML

Artifact Resolution Profile

Artifacts in Secure UP

Aspect Oriented Programming (AOP) techniques

Assemblers, J2EE

Assertion Builder pattern 2nd

     and Single Sign-on Delegator pattern 2nd

     consequences

     forces

     in service provisioning

     in single sign-on

     participants and responsibilities

     problem

     reality check

     related patterns

     sample code

     security factors and risks

     solution

     strategies

     structure

Assertion class

Assertion Query/Request profile

AssertionContext class

AssertionContextImpl class 2nd

Assertions

     Java System Access Manager

     SAML

         attribute

         authentication 2nd

         authorization

     WS-Policy

     WS-Security

assertRequest method

Assessment checklists

Asset valuation

Asymmetric ciphers

Attachments in SOAP messages

Attack trees

AttributeQuery class

Attributes

     J2EE

     SAML

         assertion 2nd

         authority 2nd

         mapping

         profile

         repository

     Secure Service Facade pattern

     XACML 2nd

AttributeStatement class 2nd

ATV (ability to verify) probability

Audit Interceptor pattern 2nd 3rd

     and Message Inspector pattern

     consequences

     forces

     in case study 2nd 3rd 4th

     participants and responsibilities

     problem

     reality check

     related patterns

     sample code

     security factors and risks

     solution

     strategies

     structure

audit method

AuditClient.java file

Auditing

     Assertion Builder pattern

     Audit Interceptor pattern. [See Audit Interceptor pattern]

     biometrics

     Business tier patterns 2nd 3rd

     Dynamic Service Management pattern

     failures in

     identity management 2nd 3rd

     Secure Service Facade pattern

     Secure UP 2nd

     Security Wheel

     Single Sign-on Delegator pattern

     Web services 2nd

     Web tier patterns 2nd

AuditLog class 2nd

AuditLogJdbcDAO class

AuditRequestMessageBean.java file

Authentication

     assessment checklists

     biometrics 2nd 3rd 4th

     broken 2nd 3rd

     in case study

     in security patterns

         Assertion Builder 2nd

          Authentication Enforcer. [See Authentication Enforcer pattern]

         Business tier

         Dynamic Service Management

         Intercepting Web Agent

         Password Synchronizer

         Policy Delegate

         Secure Base Action

         Secure Service Facade

         Secure Session Object

         Web tier

     in trust model

     J2EE 2nd

         agent-based 2nd

         application-based

         container-based

         declarative

         programmatic

         Web tier

     JAAS

         classes for

         in clients

         LoginModule for 2nd

         web-tier

     Java code

     JMS

     JSSE

     Liberty Alliance sessions

     multi-factor

     personal identification

     SAML 2nd

         assertions in 2nd 3rd

         third-party

     Security services

     Security Wheel

     smart cards 2nd 3rd

     Web services

Authentication Enforcer pattern

     consequences

     forces

     in case study 2nd 3rd 4th 5th

     participants and responsibilities

     problem

     reality checks in

     related patterns

         Container Managed Security

         Secure Base Action

     sample code

     security factors and risk in

     solution

     strategies in

     structure

Authentication provider-based strategy

     Authentication Enforcer pattern

     JAAS Login Module

Authentication Request protocol

AuthenticationEnforcer class

AuthenticationInstant class

AuthenticationProvider class

AuthenticationStatement class

Authoritative Source of Data pattern

Authorization

     classes for

     in security patterns

         Dynamic Service Management

         Intercepting Web Agent

         Policy Delegate

         Secure Base Action

         Secure Session Object

     J2EE 2nd 3rd

         declarative

         programmatic

         Web tier

     JAAS

         implementing

         strategy

     SAML 2nd 3rd

     Security services

     Security Wheel

     trust model

     Web services

     XACML 2.0

Authorization and Access Control service

Authorization Enforcer pattern

     consequences

     forces

     participants and responsibilities

     problem

     reality check

     related patterns

     security factors and risks

     solution

     strategies

     structure

Authorization providers

AuthorizationEnforcer class

AuthPermission class

Automated back-out strategy

Automated password retry

Availability

     identity management patterns

     in case study

     in use cases

     J2EE network topology

     Message Interceptor Gateway pattern

     Secure Message Router pattern

     security provisioning patterns

     Security Wheel

     Web services
