リソース

このセクションでは、ご使用のアーキテクチャや設定に適用できるリソースを示します。

Java セキュリティリソース

次の表は、セキュアな Java コードの作成に役立つテクニカルリソースをリストします。

リソース

格納場所

Java Security (2nd Edition)
by Scott Oaks

O'Reilly & Associates

Java Security homepage

http://java.sun.com/security/

Security Code Guidelines

http://java.sun.com/security/seccodeguide.html

Professional Java Security
by Jess Garms, Daniel Somerfield

Wrox Press

Secure a Web Application Java-style by Michael Cymerman

http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-websecurity.html

Java Authentication and Authorization Service (JAAS)

http://java.sun.com/products/jaas/

Java Security Tutorial
by David Wheeler

http://www.dwheeler.com/javasec/

jGuru Security FAQ

http://www.jguru.com/faq/Security

A Security Infrastructure for Distributed Java Applications

http://www.cs.princeton.edu/sip/pub/placeless.pdf

リソース	格納場所
Java Security (2nd Edition) by Scott Oaks	O'Reilly & Associates
Java Security homepage	http://java.sun.com/security/
Security Code Guidelines	http://java.sun.com/security/seccodeguide.html
Professional Java Security by Jess Garms, Daniel Somerfield	Wrox Press
Secure a Web Application Java-style by Michael Cymerman	http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-websecurity.html
Java Authentication and Authorization Service (JAAS)	http://java.sun.com/products/jaas/
Java Security Tutorial by David Wheeler	http://www.dwheeler.com/javasec/
jGuru Security FAQ	http://www.jguru.com/faq/Security
A Security Infrastructure for Distributed Java Applications	http://www.cs.princeton.edu/sip/pub/placeless.pdf

次の表は、安全な Web アプリケーションのデザインに役立つ一般的なリソースのリストします。

リソース

格納場所

Dos and Don'ts of Client
Authentication on the Web

http://www.pdos.lcs.mit.edu/papers/webauth:sec10.pdf

SANS Institute 20 Most Critical
Internet Security Vulnerabilities

http://www.sans.org/top20.htm

Best Practices for Secure Web Development

http://www.cert.pl/PDF/secure_webdev-3.0.pdf

CERT Coordination Center Tech Tips

http://www.cert.org/tech_tips/

CERT Advisories

http://www.cert.org/advisories/

HTTP Authentication (RFC 2617)

http://www.ietf.org/rfc/rfc2617.txt

HTTP File Upload (RFC 1867)

http://www.ietf.org/rfc/rfc1867.txt

リソース	格納場所
Dos and Don'ts of Client Authentication on the Web	http://www.pdos.lcs.mit.edu/papers/webauth:sec10.pdf
SANS Institute 20 Most Critical Internet Security Vulnerabilities	http://www.sans.org/top20.htm
Best Practices for Secure Web Development	http://www.cert.pl/PDF/secure_webdev-3.0.pdf
CERT Coordination Center Tech Tips	http://www.cert.org/tech_tips/
CERT Advisories	http://www.cert.org/advisories/
HTTP Authentication (RFC 2617)	http://www.ietf.org/rfc/rfc2617.txt
HTTP File Upload (RFC 1867)	http://www.ietf.org/rfc/rfc1867.txt

次の表は、アプリケーションプログラミングのセキュリティのロールを理解するために役立つリソースをリストします。

リソース

格納場所

Fred Cohen & Associates

http://www.all.net/

Auditors Checklists

http://www.all.net/books/audit/

Microsoft Security homepage

http://www.microsoft.com/security/default.asp

The Basics of Security

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/deploy/config/server03.asp

Security Policy Issues

http://rr.sans.org/policy/policy_list.php

How to Design Secure Web Applications

http://www.macromedia.com/v1/handlers/index.cfm?ID=20014

Formal Trust and Authentication

http://www.macromedia.com/v1/handlers/index.cfm?id=20457

Hack Proofing Your Network: Internet Tradecraft by Ryan Russell and Stace Cunningham

Syngress Media (Editor)

Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGrawGary McGraw

Addison Wesley Professional

JRun プログラマーガイド
Web アプリケーションのセキュリティ

リソース	格納場所
Fred Cohen & Associates	http://www.all.net/
Auditors Checklists	http://www.all.net/books/audit/
Microsoft Security homepage	http://www.microsoft.com/security/default.asp
The Basics of Security	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/deploy/config/server03.asp
Security Policy Issues	http://rr.sans.org/policy/policy_list.php
How to Design Secure Web Applications	http://www.macromedia.com/v1/handlers/index.cfm?ID=20014
Formal Trust and Authentication	http://www.macromedia.com/v1/handlers/index.cfm?id=20457
Hack Proofing Your Network: Internet Tradecraft by Ryan Russell and Stace Cunningham	Syngress Media (Editor)
Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGrawGary McGraw	Addison Wesley Professional