Security Handbook for WebSphere Application Server

[This article is sponsored by Peningo Systems, Inc., a provider of WebSphere Consulting Services on a nationwide basis. For more information on Peningo Systems, please go to the Peningo WebSphere Consultants page.]

IBM has released a Redbook titled “IBM WebSphere Application Server V6.1 Security Handbook”, which is part of the IBM WebSphere V6.1 series. The Redbook focuses on security and security-related topics and provides technical details to design and implement secure solutions with WebSphere.

We at Peningo Systems strongly recommend this Redbook for any WebSphere Consultant, WebSphere Architect, or WebSphere Developer who is involved in designing, developing, and deploying secure e-business applications using IBM WebSphere Application Server V6.1.

This book consists of 4 parts:

  • Part 1 discusses security for the application server and its components, including enterprise applications. Note that global security has now become known as administrative security and application security. You find essential information on how to secure Web and EJB applications and how to develop a Java client using security.
  • Part 2 introduces additional components from the enterprise environment and discusses security beyond the application server. External components include third-party security servers, messaging clients and servers, and database servers.
  • Part 3 is a short introduction to development environment security. Here you can read about guidelines and best practices that are applicable to a secure development environment.
  • Part 4 provides additional information related to chapters in the previous parts.

The following is the Table of Contents for this Redbook Draft:

  • Part 1. Application server security
    Chapter 1. Introduction
    Chapter 2. Configuring the user registry
    Chapter 3. Administrative security
    Chapter 4. SSL administration
    Chapter 5. JAAS for authentication in WebSphere Application Server
    Chapter 6. Application security
    Chapter 7. Securing a Web application
    Chapter 8. Securing an EJB application
    Chapter 9. Client security
    Chapter 10. Securing the service integration bus
  • Part 2. Extending security beyond the Application Server
    Chapter 11. Security attribute propagation
    Chapter 12. Securing a WebSphere application using Tivoli Access Manager
    Chapter 13. Trust Association Interceptors and third party software integration
    Chapter 14. Externalizing authorization with JACC
    Chapter 15. Web services security
    Chapter 16. Securing access to WebSphere MQ
    Chapter 17. J2EE Connector security
    Chapter 18. Securing the database connection
  • Part 3. Development environment
    Chapter 19. Development environment security
  • Appendix A. Additional configurations
  • Appendix B. Additional material

To view and download the Redbook Draft in PDF, please go to the link below:

The IBM WebSphere Application Server V6.1 Security Handbook

If you are an “End Client” looking for a WebSphere Consulting Service provider to support your WebSphere Applications, Peningo Systems provides Consultants with expertise in many areas including:

  • WebSphere Portal
  • WebSphere Commerce
  • WebSphere Eclipse Development
  • WebSphere MQ
  • System Security Architecture
  • Tivoli Access Manager
  • Tivoli Identity Manager
  • DB2 – UDB
  • Peregrine / HP Openview AssetCenter and ServiceCenter
  • J2EE based systems architecture and development

To see Peningo Systems areas of expertise, please go to the Peningo Technical Areas page or go to the Peningo WebSphere Consultants page.


About Edward Pellon

About Peningo Systems: Peningo Systems and its founders have been involved in IT Consulting for over 30 years. Our goal is to support the individual IT Consultant by providing an avenue for them to be in direct contact with the end client. By doing this we reduce the many layers and tiers of organizations that are involved with placement of an IT Consultant. By reducing these layers and tiers, cost can be significantly reduced to the end client, while still providing the room for the Consultant to increase their revenues. Peningo is a for-profit organization. We have decided to earn our “keep” by advocating, establishing and supporting a “market place” where the IT consultant and the “end client” may function without the interference of tiers of “prestigious” companies that bring to the consulting assignment excessive markups and very little else. At Peningo we feel that the IT Consultant should be paid adequate rates commensurate with their skills and the personal sacrifice inherent in the life of an IT consultant. This allows us to field capable, motivated consultants that will contribute successfully to the “end client’s” systems development and implementation, while attracting to the IT industry new talent that otherwise would go to more lucrative pursuits. With the elimination of the “prestigious ones” there will be cost savings that will allow for the consultant to be paid a higher rate and for the client to reduce its costs. Both objectives represent Peningo’s Mission.