Secure Java Coding Training

(FW1095) 3 Day Course, $1995
 
What You Will Learn

Course Highlights

Course Details

Dates & Locations

Java Secure Coding is a hands-on, lab-intensive Java security, code-level training course that teaches students the best practices for designing, implementing, and deploying secure programs in Java. Students will take an application from requirements through to implementation, analyzing and testing for software vulnerabilities. This course explores well beyond basic programming skills, teaching developers sound processes and practices to apply to the entire software development lifecycle. Perhaps just as significantly, students learn about current, real examples that illustrate the potential consequences of not following these best practices. This course is short on theory and long on application, providing students with in-depth, code-level labs.

A key component of our Best Defense IT Security Training Series, this workshop is a companion to several developer-oriented courses and seminars. Although this edition of the course is Java-specific, it may also be presented using .NET (TT8200-N) or other programming languages.

Students who attend Secure Java Coding will leave the course armed with the required skills to recognize software vulnerabilities (actual and potential) and implement defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software.

The concept and process of Threat Modeling is introduced as a key enabler for implementing effective and appropriate security for software and information assets. This course includes coverage of the many security-related technologies and APIs that exist in the Java world.

Working in a hands-on, dynamic learning environment led by our expert security team, attendees will learn to:
  • Understand the concepts and terminology behind defensive coding
  • Understand and use Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Learn the entire spectrum of threats and attacks that take place against software applications in today’s world
  • Use Threat Modeling to identify potential vulnerabilities in a real-life case study
  • Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java applications
  • Understand the vulnerabilities of the Java programming language and the JVM as well as how to harden both
  • Understand and work with Java 2 platform security to gain an appreciation for what is protected and how
  • Understand the role that Java Authentication and Authorization Service (JAAS) has in Java applications
  • Use JAAS in conjunction with a Java application for both authentication and authorization
  • Understand the basics of Java Cryptography (JCA) and Encryption (JCE) and where they fit in the overall security picture
  • Understand the fundamentals of XML Digital Signature and XML Encryption

This class is "technology-centric", designed to train attendees in essential secure coding and development skills, coupling the most current, effective techniques with the soundest industry practices. This workshop is about 50% dynamic lab exercises and 50% lecture.

The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Students will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities.

The second portion of the course steps through a series of vulnerabilities illustrating in very real terms the right way to implement secure web applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment.

Session: Defensive Coding Overview
  • Misconceptions
    • Thriving Industry of Identity Theft
    • Dishonor Roll of Data Breaches
    • TJX: Anatomy of a Disaster
    • Heartland: What? Again?
  • Security Concepts
    • Terminology and Players
    • Assets, Threats, and Attacks
    • OWASP
    • CWE/SANS Top 25 Programming Errors
    • Categories
    • What they mean to your applications
  • Defensive Coding Principles
    • Security Is A Lifecycle Issue
    • Minimize Attack Surface
    • Manage Resources
    • Application States
    • Compartmentalize
    • Defense In Depth - Layered Defense
    • Consider All Application States
    • Not Trusting The Untrusted
    • Security Defect Mitigation
    • Leverage Experience
  • Reality
    • Recent, Relevant Incidents
    • Find Security Defects In Web Application
Session: Vulnerabilities
  • Security Attacks
  • Information Attacks
  • System Attacks
  • Data Attacks
Session: Java Security Fundamentals
  • Perimeter Defenses
  • Java Security Architecture
  • JVM Defenses
  • Extending the defenses
Session: Cryptography Overview
  • Cryptography defined
  • Strong Encryption
  • Ciphers and algorithms
  • Message digests
  • Keys and key management
  • Types of keys
  • JCA and JCE
  • Key management in Java
  • Certificate management in Java
  • Encryption/Decryption
Session: Code Location-Based Security
  • Java 2 Security and Applets
  • Work with Java 2 Security
  • Byte Code verifier
  • Class loaders
  • Class loader tunnels
  • Signing code
  • Trusted code
  • Java permission management
  • Extending Java permissions
Session: User-based J2SE Security
  • JAAS Overview
  • JAAS Authentication
  • Extending JAAS authentication
  • JAAS Authorization
Session: Java Network Security
  • SSL Support
  • HTTPS
  • GSS
  • SASL protocols
Session: Code Level Security Best Practices
  • What Java security provides for
  • Preventing remote hacking
  • Preventing accessing of restricted resources
  • Retaining credibility with Java code
Session: Defending XML Processing
  • Defending XML
    • Understanding common attacks and how to defend
    • Operating in safe mode
    • Using standards-based security
    • XML-aware security infrastructure

Upcoming Dates & Locations

There are no upcoming scheduled engagements of this course. We can schedule an on-site event at your convenience.