Software Security for Developers

"A wonderful, modern security book for developers.”
—Jeanne Boyarsky, Java Champion

Software security is about understanding how real systems fail, and how to build them so they don’t. Software Security for Developers gives you that understanding, and shows you how to apply it in the modern cloud and Kubernetes environments you work with every day.

The book starts with the reality developers face: security problems are not theoretical—they show up in design choices, dependencies, configuration, and day-to-day coding decisions. You’ll see why breaches happen, how supply chain risks creep in, and how “secure development” actually looks across the lifecycle—from design to deployment.

From there, the book builds the foundation you need to work confidently with security tools. Instead of treating frameworks as black boxes, it explains the standards, protocols, and patterns they implement.

You’ll learn how integrity, encryption, authentication, and identity really work—so TLS, OAuth2, OpenID Connect, and certificates become understandable and usable.

With that foundation in place, the focus shifts to modern application architecture. You’ll implement secure communication channels, design authentication and identity flows, adopt passwordless approaches, and manage authorization across complex service-to-service call chains. Along the way, you’ll see how to give every service an identity, enforce access policies, and secure interactions in distributed, cloud-native systems.

Throughout the book, concepts are grounded in practical Java examples that mirror real production scenarios. By the end, you’ll be familiar with security terms and know how to apply them to build systems that pass audits, resist attacks, and hold up under real-world pressure.