
Software Security for Developers
With Examples in Java and Spring
Adib Saikali (Author)
Manning Publications (Publisher)
Will be published approx. on 1. July 2026
Book
Paperback/Softback
360 pages
978-1-61729-858-5 (ISBN)
Description
Security can be hard to understand, and fixing problems is not always easy. Without a clear understanding of the basics, it is difficult to build secure systems. This book explains key security ideas in simple terms and shows how to use them in everyday development. It brings together the main security concepts in one practical guide.
Configure industry-standard security protocols correctly.
Quickly debug errors and exceptions from security libraries.
Use the developer-friendly Google Tink cryptography library.
Work with X.509 digital certificates to implement application security.
Set up passwordless logins using the Web Authentication protocol.
Implement single sign-on using the OpenID Connect protocol.
Software Security for Developers shows you how to keep your applications secure and your company's data safe. The book uses simple cloud app examples to explain important security ideas. You will discover how to use cryptographic algorithms correctly and reduce the need for constant passwords.
After reading this book, you will know everything you need to secure your applications. You will be able to rapidly debug security-related issues and put an end to unreliable fixes. This book is for intermediate Java developers who are ready to improve their security skills.
Reviews / Votes
"A great guide covering security essentials for application developers in the 2020s. It simplifies complex topics & prepares you to handle real-world application security concerns."
Radhakrishna MV
"Have a look at this book if you want to skill up on security topics! And don't fear mathematics, that's totally abstracted away, so that you can focus on the practical aspect of it."
Christoph Schubert
More details
Language
English
Place of publication
New York
United States
Target group
Professional and scholarly
Product notice
Paperback (trade)
Unsewn / adhesive bound
Weight
626 gr
ISBN-13
978-1-61729-858-5 (9781617298585)
Other editions
Additional editions

Adib Saikali | Laurentiu Spilca
Software Security for Developers
E-Book
06/2026
Simon + Schuster LLC
€43.51
Not yet available
Person
Adib Saikali is a principal solutions engineer at VMware Tanzu, known for implementing security in a variety of applications. With over 25 years of professional software development experience, Adib brings practical, real-world security knowledge to his teaching. Adib translates complex security topics into practical guidance that enables developers to secure their applications effectively.
Laurențiu Spilca is a skilled Java and Spring developer, known for his clear and effective technology instruction. As the author of several Manning books, including Spring Security in Action, Laurențiu brings an experienced and accessible teaching style to every chapter. Laurențiu helps developers master complex topics like Spring and Java security through practical examples and clear explanations.
Content
PART 1: APPLICATION SECURITY THE BIG PICTURE
1 MAKING SENSE OF APPLICATION SECURITY
2 STANDARDS FOR IMPLEMENTING AUTHENTICATION
3 SERVICE-TO-SERVICE COMMUNICATION
PART 2: CRYPTOGRAPHY FOUNDATIONS
4 MESSAGE INTEGRITY AND AUTHENTICATION
5 ADVANCED ENCRYPTION STANDARD
6 PUBLIC KEY ENCRYPTION AND DIGITAL SIGNATURES: UNLEASHING RSA
7 PUBLIC KEY ENCRYPTION AND DIGITAL SIGNATURES: USING ECC
PART 3: SECURING COMMUNICATION CHANNELS
8 PUBLIC KEY INFRASTRUCTURE AND X.509 DIGITAL CERTIFICATES: KNOW WHO YOU ARE TALKING TO
9 WORKING WITH X.509 CERTIFICATES: LIFECYCLE AND SELF-SIGNING
10 TRANSPORT LAYER SECURITY (TLS): HOW THE INTERNET IS SECURED
PART 4: MODERN AUTHENTICATION AND IDENTITY
11 JSON OBJECT SIGNING AND ENCRYPTION (JOSE)
12 SINGLE SIGN ON (SSO) USING OAUTH2 AND OPENID CONNECT
13 DEEPENING SECURITY WITH OPENID CONNECT
14 PASSWORDLESS LOGIN: USING MAGIC LINKS AND OTPS
15 PASSWORDLESS LOGIN: WEBAUTHN AND HARDWARE AUTHENTICATION
PART 5: SECURING SERVICE-TO-SERVICE CALL CHAIN
16 IMPLEMENTING SERVICE IDENTITY
17 TAMING AUTHORIZATION: RBAC, ABAC, REBAC
APPENDIX
APPENDIX A: INSTALLATION AND SETUP