Software Security for Developers: With Examples in Java and Spring

Get the eBook free when you register your print book at Manning.

Software security is about understanding how real systems fail, and how to build them so they don't. This book gives you that understanding, and shows you how to apply it in the modern cloud and Kubernetes environments you work with every day.

The book starts with the reality developers face: security problems are not theoretical--they show up in design choices, dependencies, configuration, and day-to-day coding decisions. You'll see why breaches happen, how supply chain risks creep in, and how "secure development" actually looks across the lifecycle--from design to deployment.

From there, the book builds the foundation you need to work confidently with security tools. Instead of treating frameworks as black boxes, it explains the standards, protocols, and patterns they implement.

You'll learn how integrity, encryption, authentication, and identity really work--so TLS, OAuth2, OpenID Connect, and certificates become understandable and usable.

With that foundation in place, the focus shifts to modern application architecture. You'll implement secure communication channels, design authentication and identity flows, adopt passwordless approaches, and manage authorization across complex service-to-service call chains. Along the way, you'll see how to give every service an identity, enforce access policies, and secure interactions in distributed, cloud-native systems.

Throughout the book, concepts are grounded in practical Java examples that mirror real production scenarios. By the end, you'll be familiar with security terms and know how to apply them to build systems that pass audits, resist attacks, and hold up under real-world pressure.

What's inside

- Why security failures happen in real systems
- How to apply cryptography and security standards correctly
- How to secure identity, access, and service communication

About the reader

For developers who want to understand and apply security with confidence.

About the author

Adib Saikali is a Distinguished Software Engineer and a Principal Solutions Engineer at VMware Tanzu. Laurentiu Spilca is Java and Spring expert, an experienced technology instructor, and the author of several books.

Table of Contents

Part 1
1 Making sense of application security
2 Standards for implementing authentication
3 Service-to-service communication
Part 2
4 Message integrity and authentication
5 Advanced Encryption Standard
6 Public key encryption and digital signatures: Unleashing RSA
7 Public key encryption and digital signatures: Using ECC
Part 3
8 Public key infrastructure and X.509 digital certificates: Know who you're talking to
9 Working with X.509 certificates: Life cycle and self-signing
10 Transport Layer Security: How the internet is secured
Part 4
11 JSON Object Signing and Encryption
12 Single-sign on using OAuth2 and OpenID Connect
13 Deepening security with OpenID Connect
14 Passwordless login: Using magic links and one-time passwords
15 Passwordless login: WebAuthn and hardware authentication
Part 5
16 Implementing service identity
17 Taming authorization: RBAC, ABAC, and ReBAC
Appendix
A Installation and setup