Java Secure Coding is a hands-on, lab-intensive Java security, code-level training course that teaches you the best practices for designing, implementing, and deploying secure programs in Java. You will take an application from requirements through to implementation, analyzing and testing for software vulnerabilities. This course explores well beyond basic programming skills, teaching you sound processes and practices to apply to the entire software development lifecycle. Perhaps just as significantly, you will learn about current, real examples that illustrate the potential consequences of not following these best practices. This course is short on theory and long on application, providing you with in-depth, code-level labs. The course also provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. You will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities. This workshop is about 50% dynamic lab exercises and 50% lecture. The second portion of the course walks you through a series of vulnerabilities illustrating in very real terms the right way to implement secure web applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment. You will leave the course armed with the required skills to recognize software vulnerabilities (actual and potential) and implement defenses for those vulnerabilities. A key component to our Secure Java Coding (TT8200-J)Best Defense IT Security Training Series, this workshop is a companion course with several developer-oriented courses and seminars. Although this edition of the course is Java-specific, it may also be presented using .Net or other programming languages.
- According to research by the National Institute of Standards, 92% of all security vulnerabilities are now considered application vulnerabilities and not network vulnerabilities.
- Concepts and terminology behind defensive coding
- Using Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Threats and attacks that take place against software applications in today's world
- Using Threat Modeling to identify potential vulnerabilities in a real-life case study
- Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java applications
- Vulnerabilities of the Java programming language and the JVM as well as how to harden both
- Work with Java 2 platform security to gain an appreciation for what is protected and how
- Java Authentication and Authorization Service (JAAS) in Java applications
- Using JAAS in conjunction with a Java application for both authentication and authorization
- Basics of Java Cryptography (JCA) and Encryption (JCE) and where they fit in the overall security picture
- Fundamentals of XML Digital Signature and XML Encryption
Who Can Benefit
This is an intermediate-level programming course designed for application project stakeholders who wish to get up and running on developing well-defended Java applications.
- Familiarity with the Java programming language is required, and real-world programming experience is highly recommended.
- TT2101 Core Java programming (3 days) or TT2100 Java Programming Fundamentals for OO Developers (5 days) or TT2120 Java Programming Fundamentals for Non-OO Developers (C, COBOL, Mainframe) (5 days), or equivalent knowledge and skills