Core Security Patterns by Steel, Nagappan & Lai (2006)

Notes, Discussion Points and Review

Chapter One - "Security by Default"

Summary: End-to-end security is important to implement during development, not after deployment.

The use of double negatives makes this a difficult-to-read text.

Includes one-paragraph descriptions of numerous types of attacks and security issues:
Smart Cards and biometrics are introduced and briefly discussed. Biometrics have been in use for a long time and have proven to be the most accurate and effective way to provide identification.

The case that lays out "cost justification" for J2EE security is poor. Not enough information is provided; they might as well be pulling numbers out of the air (item G even has a math error). Reverse-engineering their assumptions indicates this would be a company of 10,000 people making $280,000 in sales per day (profit or gross?).