
Secure Coding in Java/JEE: Developing Defensible Applications Training

This Secure Coding in Java/JEE: Developing Defensible Applications Training course will teach students how to build secure Java applications and gain the knowledge and skills to keep a website from getting hacked, counter a wide range of application attacks, prevent critical security vulnerabilities that can lead to data loss, and understand the mindset of attackers.

The Secure Coding in Java/JEE: Developing Defensible Applications Training course teaches you the art of modern web defense for Java applications by focusing on foundational defensive techniques, cutting-edge protection, and Java EE security features you can use in your applications as soon as you return to work. This includes learning how to:

  • Identify security defects in your code
  • Fix security bugs using secure coding techniques
  • Utilize secure HTTP headers to prevent attacks
  • Secure your sensitive representational state transfer (REST) services
  • Incorporate security into your development process
  • Use freely available security tools to test your applications

Great developers have traditionally distinguished themselves by the elegance, effectiveness and reliability of their code. That is still true, but the security of the code now needs to be added to those other qualities. This unique course allows you to hone the skills and knowledge required to prevent your applications from getting hacked.

Secure Coding in Java/JEE: Developing Defensible Applications Training Duration: 5 days

CUSTOMIZE IT
  • We can adapt this Secure Coding in Java/JEE: Developing Defensible Applications course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Secure Coding in Java/JEE: Developing Defensible Applications course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Secure Coding in Java/JEE: Developing Defensible Applications course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in Java/JEE: Developing Defensible Applications course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

The target audience for this Secure Coding in Java/JEE: Developing Defensible Applications course:

  • Developers who want to build more secure applications
  • Java Enterprise Edition (JEE) programmers
  • Software engineers
  • Software architects
  • Developers who need to be trained in secure coding techniques to meet PCI compliance

While the Secure Coding in Java/JEE: Developing Defensible Applications course is focused specifically on software development, it is accessible enough for anyone comfortable working with code who has an interest in understanding the developer’s perspective, including:

  • Application security auditors
  • Technical project managers
  • Senior software QA specialists
  • Penetration testers who want a deeper understanding of target applications or who want to provide more detailed vulnerability remediation options
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Secure Coding in Java/JEE: Developing Defensible Applications course are:

  • At least one year of experience working with ASP.NET and the .NET framework
  • Experience with programming in ASP.NET using either Visual Basic or C#. All class work will be performed in C#
  • A thorough knowledge of Web technology
  • While this class briefly reviews basic web attacks, a prior understanding of web application vulnerabilities (i.e., the OWASP Top 10) is recommended.
Secure Coding in Java/JEE: Developing Defensible Applications Training - OBJECTIVES

Upon completing this Secure Coding in Java/JEE: Developing Defensible Applications course, learners will be able to meet these objectives:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • Parameter manipulation
  • Open redirect
  • Session hijacking
  • Clickjacking
  • Authentication and access control bypass
  • Keep your website from getting hacked
  • Counter a wide range of application attacks
  • Prevent critical security vulnerabilities that can lead to data loss
  • Understand the attacker’s mindset and how your applications can be hacked
Secure Coding in Java/JEE: Developing Defensible Applications Training - COURSE SYLLABUS

Common Web Application Vulnerabilities

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • HTTP response splitting
  • Parameter manipulation

Data Validation

  • Input validation
  • Whitelisting vs. blacklisting
  • Output encoding and escaping
  • Parameterized queries
  • Using frameworks and APIs

Authentication

  • How to use encryption and certificates
  • Protecting session IDs
  • JEE-based authentication
  • Basic and form-based authentication
  • Client certificate authentication

Session Management

  • Session hijacking
  • Session fixation

Access Control

  • Java Enterprise Edition (JEE)-based authorization
  • Declarative and programmatic access control
  • Using annotations
  • Java Security Manager

Encryption

  • Java Secure Socket Extension (JSSE)
  • Java Cryptography Architecture (JCA)
  • Client certificates
  • Secure sockets layer (SSL)

Java Programming and Language

  • Race conditions
  • Logging and error handling
  • Class security
Secure Coding in Java/JEE: Developing Defensible Applications Training Course Wrap-Up
