The last 20 years have brought dramatic changes to computing architectures and technologies, at both the network level and the application level. Much has been done at the network infrastructure layer, with intrusion detection, anti-virus, firewalls, VPNs, Quality of Service, policy management and enforcement, Denial of Service detection and prevention, and end point security. This is necessary, but not sufficient -- more emphasis must now be placed on designing security into applications and in deploying application security infrastructure. While network security focuses on detecting, defending, and protecting, application security is more concerned with enablement and potentially with regulatory compliance (Sarbanes Oxley, HIPPA, GLB, etc.).

Application security is an imperative not only for technology, but also for business. Companies with better security will gain competitive advantage, reduce costs, reach new markets, and improve end-user experience. This is true for both B2B (e.g., supply chain) and B2C (e.g., financial services, e-tail) applications. With global network connectivity and ever-increasing bandwidth, we have seen business transformation and unprecedented access to information and resources. Security is now at the forefront of the challenges facing users, enterprises, governments, and application providers and developers.

Loosely coupled distributed applications based on J2EE and Web Services have become the preferred model for multi-vendor, standards-based application development, and the leading application development and deployment platforms have evolved to provide increasing levels of security. Security can no longer be viewed as a layer (or multiple layers) that is added as problems or vulnerabilities arise; it must be an initial design consideration and an essential application development priority. Security should be a first thought, not an afterthought.

This book provides a comprehensive description of the various elements and considerations that must be accounted for in developing an overall application security strategy and implementation. Sun Microsystems -- as a pioneer and leader in network computing, distributed applications, and the Java system -- is uniquely positioned to cover this important area. As developers of existing applications, or future innovators that will drive the next generation of highly distributed applications, the information and best practices outlined in this book will be an important asset to your development efforts. We are counting on you to ensue that businesses and end-users can confidently, and securely, experience the promise and power of the Internet.

Joseph Uniejewski

CTO and Senior VP of Corporate Development,

RSA Security Inc.

Bedford, MA-01730