Overview

11 JSON Object Signing and Encryption (JOSE)

Modern systems exchange data across languages, teams, and organizations, so shared, well-specified formats are essential for secure interoperability. The JOSE family of standards provides exactly that for JSON-based signing and encryption. JSON Web Algorithms (JWA) standardizes names for cryptographic algorithms, while JSON Web Key (JWK) expresses secret, public, and private keys as JSON. On top of these, JSON Web Signature (JWS) secures content against tampering and proves authenticity, and JSON Web Encryption (JWE) protects confidentiality and integrity of arbitrary byte payloads. Understanding these formats not only simplifies implementation but also makes troubleshooting and cross-platform integration far easier.

JWS packages three elements—header, payload, and signature—into a compact, Base64URL-encoded, dot-separated string that is safe for HTTP headers and URLs. The header declares the signing algorithm via a JWA identifier (for example, HS256), the payload holds arbitrary data, and the signature is either a MAC or a digital signature, providing integrity and authenticity (not confidentiality). Libraries like Nimbus streamline creation and verification, as illustrated by the ACME refunds scenario where JWS replaces ad hoc file-plus-checksum exchanges with a single, self-describing artifact. A critical implementation pitfall is the alg:none vulnerability; developers must explicitly reject unsigned tokens to prevent signature bypass.

JWE extends the model to deliver confidentiality with authenticated encryption, typically using AES-GCM. Its compact form includes a header, an optional encrypted content-encryption key, the ciphertext, and an authentication tag (with an initialization vector conveyed alongside). Direct encryption (alg: dir) omits the encrypted key when parties already share it. With JOSE-aware libraries, encryption and decryption become straightforward and interoperable without bespoke metadata handling. In terms of goals, JWS provides integrity and authenticity, while JWE adds confidentiality; symmetric variants do not provide non-repudiation. Finally, JSON Web Token (JWT) is a constrained use of JWS or JWE where the payload must be a JSON object with standardizable claims, a format widely used in identity protocols but sometimes criticized for flexible options that can be misconfigured if care isn’t taken.

Relationship between the standards that are part of the JSON Object Signing and Encryption (JOSE) suite. JOSE enables interoperability between applications that want to exchange encrypted or signed data using the JSON data format. JOSE standards are used extensively by popular security protocols such as OpenID Connect for Single Sign On.
ACME Inc. staff approve refunds using the warehouse management application. Once a day the warehouse management application generates a refunds.json file. The payment service refunds customer credit cards for the amount specified in the refunds.json file.
The logical structure of a JSON Web Signature (JWS). A JSON metadata header describing the type of signature used. A payload that can be any type of data format, not just JSON. A signature used to verify that the header and payload were not tampered with. A JWS payload is always readable to anyone who can access the JWS object.
Road from data to a JWS. A JSON Web Signature (JWS) object can be safely embedded in a URL or HTTP headers because it is represented as a Base64URL string where each component is separated by a dot.
Parts of a JSON Web Encryption (JWE) object.
A JSON Web Token (JWT) can be a JWS object with the added restriction that the payload must be a JSON object.
The collection of standards. JSON Web Token (JWT) builds on top of the JWE and JWS standards. JWT is the token format for the OpenID Connect standard.

Summary

  • JSON Object Signing and Encryption (JOSE) is a suite of standards used to represent cryptographic algorithms, keys, signed content, and encrypted content as JSON objects.
  • JOSE is widely used with excellent support in many programming languages. However, it has come in for some criticism due to unnecessary complexity in the standard that makes it easy to misuse. Watch out for the JWS alg:none vulnerability in any application or library you are using.
  • JSON Web Signature (JWS) is an industry standard data format for signed data. It has a JSON metadata header, a payload that can have any format, and a signature to validate that the payload and header were not tampered with.
  • JWS supports signatures with message authentication codes (MACs), which we covered in this chapter, and digital signatures, which we will cover in a future chapter.
  • JSON Web Encryption (JWE) is an industry standard data format for representing encrypted data in JSON. It supports AES and has a lot of implementations in different programming languages.
  • JSON Web Key (JWK) is used to represent cryptographic keys as JSON objects.
  • JSON Web Algorithm (JWA) is used to define the various algorithms used by JWS, JWE, and JWK.
  • Always consult with your Information Security team to make sure you are using corporate recommended configurations of common cryptographic algorithms.
  • The examples in this book are optimized for educational value. They take shortcuts to make the code fit on the page and to emphasize the concepts. Don’t copy and paste the sample code blindly; you must make it production ready before you use it.

FAQ

What is JOSE and which standards does it include? JOSE (JavaScript Object Signing and Encryption) is a suite of four IETF standards that enable interoperable signing and encryption with JSON: 1) JWA (JSON Web Algorithms) defines standard algorithm identifiers; 2) JWK (JSON Web Key) represents keys as JSON; 3) JWS (JSON Web Signature) protects integrity and authenticity; 4) JWE (JSON Web Encryption) adds confidentiality plus integrity.
Why do we need standardized algorithm identifiers (JWA)? Standard names prevent ambiguity between systems built by different teams and ensure the right algorithms are selected during processing. Examples: HS256 (HMAC with SHA-256), A256GCM (AES-256 in GCM mode), ES384 (ECDSA with P-384 and SHA-384). JWA identifiers are registered with IANA for consistency.
What is a JSON Web Key (JWK) and why is it useful? JWK is a JSON-based format for representing cryptographic keys (secret, public, private). It supports complex key types and metadata and is easy to exchange across services and languages. The kid (Key ID) field uniquely identifies a key for selection and rotation.
How is a JWS structured and represented? A JWS has three parts: header (metadata like alg), payload (the data), and signature. In compact form it’s Base64URL-encoded and dot-separated as header.payload.signature, making it safe for HTTP headers and URLs. The payload is readable (not encrypted).
What security guarantees does a JWS provide (and what doesn’t it)? With HS256, JWS provides integrity (no tampering) and authenticity (trusted origin). It does not provide confidentiality. Non-repudiation requires public-key signatures, which are covered in the next chapter.
How do I create and verify a JWS in Java? Using Nimbus: build a JWSHeader with HS256, create a JWSObject with the payload, sign with MACSigner(secret), then serialize. To verify, parse the compact JWS and call verify with MACVerifier(secret). Don’t hardcode secrets in production; use secure key management.
What is the “alg: none” vulnerability and how do I avoid it? Setting alg to none disables signature validation, letting attackers alter payloads undetected if the library accepts it. Mitigate by configuring your JWS/JWT library to reject alg: none. Nimbus’s MACVerifier throws on alg: none by default.
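
The JWS answers above (compact structure, HS256 signing and verification, and rejecting alg: none) can be seen end to end in the following added example. It is not code from the book and uses only the Python standard library rather than Nimbus; the function names, the key, and the refund record are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # JOSE uses Base64URL without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: bytes, secret: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signing_input = f"{header}.{b64url(payload)}"
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def verify_hs256(token: str, secret: bytes) -> bytes:
    """Return the payload of a valid HS256 JWS; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The verifier pins the algorithm; the header's claim is only checked,
    # never obeyed. This rejects alg "none" and every other unexpected value.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison of the recomputed MAC with the received one.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return b64url_decode(payload_b64)

def accepts(token: str, secret: bytes) -> bool:
    try:
        verify_hs256(token, secret)
        return True
    except ValueError:
        return False

# Constructed sample data (not from the book): demo key and refund record.
SECRET = b"constructed-demo-key-0123456789abcdef"
REFUND = b'{"orderId":"12345","amount":500}'
SIGNED = sign_hs256(REFUND, SECRET)
# The same record with a changed amount, a header claiming alg "none",
# and an empty signature part: the input a verifier must refuse.
UNSIGNED = b64url(b'{"alg":"none"}') + "." + b64url(b'{"orderId":"12345","amount":9999}') + "."

if __name__ == "__main__":
    print(SIGNED)
    print(accepts(SIGNED, SECRET), accepts(UNSIGNED, SECRET))
```
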
What is a JWE and what are its components? JWE encrypts content to provide confidentiality (and integrity). Conceptually it has: header, optional encrypted key (CEK), ciphertext (payload), and authentication tag. In compact form, the dot-separated parts include the header, encrypted key (may be empty), initialization vector (IV), ciphertext, and authentication tag, all Base64URL-encoded.
Why is the encrypted key empty in the example JWE? The example uses alg: dir (direct encryption), meaning sender and recipient already share the content encryption key, so no separate encrypted key is included.
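
The five-part compact JWE layout and the empty encrypted key under alg: dir, as an added example that is not from the book: a structural check a receiver can run before attempting decryption. It performs no decryption; inspect_jwe and the sample token are hypothetical, and the ciphertext and tag bytes are placeholders constructed for illustration.

```python
import base64, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def inspect_jwe(token: str) -> dict:
    """Split a compact JWE and check its shape before any decryption."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("a compact JWE has exactly five parts")
    header_b64 = parts[0]
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict):
        raise ValueError("JWE header must be a JSON object")
    key, iv, ciphertext, tag = (b64url_decode(p) for p in parts[1:])
    # Direct encryption: the shared key is the content-encryption key,
    # so the second part must be empty.
    if header.get("alg") == "dir" and key:
        raise ValueError("alg dir must not carry an encrypted key")
    # The AES-GCM content encryption defined by JWA uses a 96-bit IV
    # and a 128-bit authentication tag.
    if header.get("enc") in ("A128GCM", "A192GCM", "A256GCM"):
        if len(iv) != 12 or len(tag) != 16:
            raise ValueError("bad IV or tag length for AES-GCM")
    return {
        "header": header, "encrypted_key": key, "iv": iv,
        "ciphertext": ciphertext, "tag": tag,
        # The encoded header is the additional authenticated data, so the
        # tag also covers the header even though the header is not encrypted.
        "aad": header_b64.encode("ascii"),
    }

# Constructed sample token: the shape is real, the bytes are placeholders.
SAMPLE = ".".join([
    b64url(b'{"alg":"dir","enc":"A256GCM"}'),
    "",                                   # encrypted key: empty for alg dir
    b64url(bytes(range(12))),             # IV, 96 bits
    b64url(b"placeholder-not-real-ciphertext"),
    b64url(bytes(16)),                    # authentication tag, 128 bits
])

if __name__ == "__main__":
    for name, value in inspect_jwe(SAMPLE).items():
        print(name, value)
```
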
How is a JWT related to JWS and JWE, and what’s the payload restriction? A JWT is either a JWS or a JWE with the additional requirement that its payload must be a JSON object. JWTs may include standard claims such as sub (the subject/user ID).
