Software Security for Developers

Get the eBook free when you register your print book at Manning.Software security is about understanding how real systems fail, and how to build them so they dont. This book gives you that understanding, and shows you how to apply it in the modern cloud and Kubernetes environments you work with every day. The book starts with the reality developers face: security problems are not theoreticalthey show up in design choices, dependencies, configuration, and day-to-day coding decisions. Youll see why breaches happen, how supply chain risks creep in, and how secure development actually looks across the lifecyclefrom design to deployment. From there, the book builds the foundation you need to work confidently with security tools. Instead of treating frameworks as black boxes, it explains the standards, protocols, and patterns they implement. Youll learn how integrity, encryption, authentication, and identity really workso TLS, OAuth2, OpenID Connect, and certificates become understandable and usable. With that foundation in place, the focus shifts to modern application architecture. Youll implement secure communication channels, design authentication and identity flows, adopt passwordless approaches, and manage authorization across complex service-to-service call chains. Along the way, youll see how to give every service an identity, enforce access policies, and secure interactions in distributed, cloud-native systems. Throughout the book, concepts are grounded in practical Java examples that mirror real production scenarios. By the end, youll be familiar with security terms and know how to apply them to build systems that pass audits, resist attacks, and hold up under real-world pressure. What's inside Why security failures happen in real systems How to apply cryptography and security standards correctly How to secure identity, access, and service communication About the reader For developers who want to understand and apply security with confidence. About the author Adib Saikali is a Distinguished Software Engineer and a Principal Solutions Engineer at VMware Tanzu. Laurentiu Spilca is Java and Spring expert, an experienced technology instructor, and the author of several books. Table of Contents Part 1 1 Making sense of application security 2 Standards for implementing authentication 3 Service-to-service communication Part 2 4 Message integrity and authentication 5 Advanced Encryption Standard 6 Public key encryption and digital signatures: Unleashing RSA 7 Public key encryption and digital signatures: Using ECC Part 3 8 Public key infrastructure and X.509 digital certificates: Know who youre talking to 9 Working with X.509 certificates: Life cycle and self-signing 10 Transport Layer Security: How the internet is secured Part 4 11 JSON Object Signing and Encryption 12 Single-sign on using OAuth2 and OpenID Connect 13 Deepening security with OpenID Connect 14 Passwordless login: Using magic links and one-time passwords 15 Passwordless login: WebAuthn and hardware authentication Part 5 16 Implementing service identity 17 Taming authorization: RBAC, ABAC, and ReBAC Appendix A Installation and setup