Secure Coding in Java/JEE: Developing Defensible Applications Training

Introduction

Secure Coding in Java/JEE: Developing Defensible Applications Training Course by ENO

This secure coding course teaches students how to build secure Java applications and gives them the knowledge and skills to keep a website from getting hacked, counter a wide range of application attacks, prevent critical security vulnerabilities that can lead to data loss, and understand the mindset of attackers.

The Secure Coding in Java/JEE: Developing Defensible Applications Training course teaches you the art of modern web defense for Java applications by focusing on foundational defensive techniques, cutting-edge protection, and Java EE security features you can use in your applications as soon as you return to work. This includes learning how to:

• Identify security defects in your code
• Fix security bugs using secure coding techniques
• Utilize secure HTTP headers to prevent attacks
• Secure your sensitive representational state transfer (REST) services
• Incorporate security into your development process
• Use freely available security tools to test your applications

Great developers have traditionally distinguished themselves by the elegance, effectiveness and reliability of their code. That is still true, but the security of the code now needs to be added to those other qualities. This unique ENO course allows you to hone the skills and knowledge required to prevent your applications from getting hacked.

Duration: 5 days

Customize It

• If you are familiar with some aspects of this Secure Coding in Java/JEE: Developing Defensible Applications Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Secure Coding in Java/JEE: Developing Defensible Applications Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in Java/JEE: Developing Defensible Applications Training course in a manner understandable to lay audiences.

Audience / Target Group

Developers who want to build more secure applications

• Java Enterprise Edition (JEE) programmers
• Software engineers
• Software architects
• Developers who need to be trained in secure coding techniques to meet PCI compliance

While the course is focused specifically on software development, it is accessible enough for anyone comfortable working with code who has an interest in understanding the developer's perspective, including:

• Application security auditors
• Technical project managers
• Senior software QA specialists
• Penetration testers who want a deeper understanding of target applications or who want to provide more detailed vulnerability remediation options

Secure Coding in Java/JEE: Developing Defensible Applications Training - Objectives:

After completing this Secure Coding in Java/JEE: Developing Defensible Applications Training course, attendees will be able to:

• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• SQL injection
• Parameter manipulation
• Open redirect
• Session hijacking
• Clickjacking
• Authentication and access control bypass
• Keep your website from getting hacked
• Counter a wide range of application attacks
• Prevent critical security vulnerabilities that can lead to data loss
• Understand the attacker's mindset and how your applications can be hacked

Secure Coding in Java/JEE: Developing Defensible Applications Training - Course Content:

Common Web Application Vulnerabilities
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• SQL injection
• HTTP response splitting
• Parameter manipulation

Data Validation
• Input validation
• Whitelisting vs. blacklisting
• Output encoding and escaping
• Parameterized queries
• Using frameworks and APIs

Authentication
• How to use encryption and certificates
• Protecting session IDs
• JEE-based authentication
• Basic and form-based authentication
• Client certificate authentication

Session Management
• Session hijacking
• Session fixation

Access Control
• Java Enterprise Edition (JEE)-based authorization
• Declarative and programmatic access control
• Using annotations
• Java Security Manager

Encryption
• Java Secure Socket Extension (JSSE)
• Java Cryptography Architecture (JCA)
• Client certificates
• Secure sockets layer (SSL)

Java Programming and Language
• Race conditions
• Logging and error handling
• Class security
