There are many sources of information on Java security. Here are few which we have found useful as starting points:
- Enterprise Java™ Security: Building Secure J2EE™ Applications. written by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Published by Addison-Wesley, 2004. ISBN 0-321-11889-8. This covers both J2SE and J2EE security, including cryptography.
- Java 2 Network Security written by Marco Pistoia, et al.
- The Security Challenges for Enterprise Java in an e-Business Environment, L. Koved, A. Nadalin, N. Nagaratnam, M. Pistoia, T. Shrader. IBM Systems Journal (Vol 40,No 1).
- The Evolution of Java Security, L. Koved, A. Nadalin, D. Neal and T. Lawson. IBM Systems Journal (Vol 37,No 3).
- Fred Schneider and Greg Morrisett have done research on language based security.
- David Wagner has done research on static analysis for security.
- Princeton University Computer Science Department Secure Internet Programming Lab (SIP).
- The Sun Java web site contains many documents covering the Java APIs, etc.