Secure Coding in Java
About this course
Java Secure Coding Training
Java is used to develop full-featured and very powerful corporate applications. Many of these applications allow access to critical and confidential resources, which has made them popular targets for attack. To minimise the likelihood of security vulnerabilities caused by programmer error, Java developers must understand and adhere to best practices.
This course aims to provide the knowledge and resources required to evaluate the security of Java applications. Through theory and practical exercises that they carry out themselves, participants will be able to identify critical vulnerabilities in web applications and implement the necessary corrective measures.
It is recommended that participants in the Web Application Secure Coding in Java course have completed the Web Application Security Training course. Please see “Related Training”.
The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:
• General Web Application Security Concepts
• Java Security Features
• Identify security vulnerabilities in code (OWASP Top 10, SANS 25)
• Implement Security Controls
• Session Management
• Access control
• Input validation
• Output encoding/escaping
• Error handling and logging
• Data Protection
• HTTP security
• Incorporate security into the development process
Format: The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a purpose-built dummy Java web application that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open-source tools and techniques in a safe environment.
Duration: 1 day (8 hours)
The course is designed for:
• Software Developers
• Quality Assurance professionals
• System Architects
• Information Security Professionals
- Printed materials
- Virtual image containing all tools used
- Certificate of Participation (CPE Points)
- The Web Application Secure Coding in .NET course is designed to instruct participants on best practices in secure coding using the .NET Framework.
- The ISC2 Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.
- The Threat Modeling course provides attendees with the knowledge to identify applicable threats, quantify them, and address the risk with effective countermeasures to mitigate any attack – at the design stage of the SDL.
- The Secure Coding for PCI DSS course provides attendees with the specific knowledge and skills to apply the secure coding and application security standards needed for PCI DSS–relevant applications that process card payments and/or cardholder data.