Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Index


B2B (Business-to-Business) applications

     identity management in

     Liberty Alliance transaction support in

Back-out password strategy

Basic authentication

     in web.xml

     J2EE 2nd

Basic Information

Basic Profile

Basics of security

    cryptography. [See Encryption and cryptography]

     identity management

    LDAP. [See LDAP (Lightweight Directory Access Protocol)]

     references

     requirements and goals

     summary

     threat modeling

beginHandshake method

Bertillon, Alphonse

Best practices

    Business tier patterns

         architecture

         infrastructure

         policy

     Identity management patterns

    personal identification

         biometrics

         smart cards

    security provisioning patterns

         application design

         quality of service

         risk mitigation

         server sizing

    Web services patterns

         communication and message security

         infrastructure

         testing and deployment

     Web tier patterns

         applications

         communication

         infrastructure

Binary security tokens

BinaryToken class

BIND requests

BioAPI standard 2nd

Biometric identification and authentication 2nd 3rd

     accuracy

     architecture and implementation

     best practices

     in multi-factor authentication

     operational models

     SSO strategy

     verification process

Biometric service providers (BSPs)

Black box testing

     in case study

     Secure UP 2nd 3rd

Blanket MIDlets

Block ciphers

Block encryption algorithms

Bodies in SOAP messages

Broken access control risk

Broken authentication

     Assertion Builder pattern

     Password Synchronizer pattern

Browser plug-ins

     for biometrics

     for smart cards

Brute force attacks

BSPs (biometric service providers)

Buffer overflow

Build portion in patterns-driven security design

Build vs. buy decisions

     Assertion Builder pattern

     Business tier pattern

     Intercepting Web Agent pattern

     Password Synchronizer pattern

Built-in Java security model

Business and business challenges

     in case study

     processing logic

     service provisioning

     tasks auditing

Business Delegate pattern

     and Delegate pattern

     and Single Sign-on Delegator pattern

     and Synchronizer pattern

Business tier

     in case study 2nd 3rd

    in J2EE. [See EJB tier in J2EE]

     reality checks for

     security patterns 2nd

         Audit Interceptor

         best practices

         Container Managed Security

         Dynamic Service Management

         factor analysis

         Obfuscated Transfer Object

         overview 2nd

         pitfalls

         Policy Delegate

         references

         Secure Service Facade

         Secure Session Object

Business-to-Business (B2B) applications

     identity management in

     Liberty Alliance transaction support in

Bytecode verifiers
