Call : (+91) 99 8080 3767
Mail : info@EncartaLabs.com
EncartaLabs

Secure Java Coding

( Duration: 3 Days )

The Secure Java Coding training course covers the best practices for designing, implementing, and deploying secure programs in Java. You will take an application from requirements through to implementation, analyzing and testing it for software vulnerabilities. The course goes well beyond basic programming skills, teaching developers sound processes and practices to apply across the entire software development lifecycle. Just as significantly, you will study current, real-world breaches that illustrate the consequences of not following these practices.

By attending the Secure Java Coding workshop, delegates will learn:

  • The concepts and terminology behind defensive coding
  • Threat modeling as a tool for identifying software vulnerabilities based on realistic threats against assets
  • The spectrum of threats and attacks carried out against software applications
  • How to apply threat modeling to find potential vulnerabilities in a real-life case study
  • Static code review and dynamic application testing for uncovering vulnerabilities in Java applications
  • Vulnerabilities of the Java programming language and the JVM, and how to harden both
  • How Java 2 platform security works: what it protects and how
  • The role the Java Authentication and Authorization Service (JAAS) plays in Java applications
  • How to use JAAS within a Java application for both authentication and authorization
  • The basics of the Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE), and where they fit in the overall security picture
  • The fundamentals of XML Digital Signature and XML Encryption

Prerequisites

  • Familiarity with Java and J2EE is required
  • Programming experience is highly recommended
  • At least six months of working experience with Java and J2EE is recommended

Audience

  • This Secure Java Coding class is intended for application project stakeholders who want to develop secure Java applications.

COURSE AGENDA

1. Introduction: Misconceptions

  • Security: The Complete Picture
  • TJX: Anatomy of a Disaster?
  • Causes of Data Breaches
  • Heartland - Slipping Past PCI Compliance
  • Target’s Painful Christmas
  • Meaning of Being Compliant

2. Foundation

  • Security Concepts
    • Motivations: Costs and Standards
    • Open Web Application Security Project
    • Web Application Security Consortium
    • CERT Secure Coding Standards
    • Assets are the Targets
    • Security Activities Cost Resources
    • Threat Modeling
    • System/Trust Boundaries
  • Principles of Information Security
    • Security Is a Lifecycle Issue
    • Minimize Attack Surface Area
    • Layers of Defense: Tenacious D
    • Compartmentalize
    • Consider All Application States
    • Do Not Trust the Untrusted
  • Vulnerabilities
    • Unvalidated Input
    • Broken Access Control
    • Broken Authentication And Session Management
    • Cross Site Scripting (XSS) Flaws
    • Injection Flaws
    • Error Handling And Information Leakage
    • Insecure Storage
    • Insecure Management of Configuration
    • Direct Object Access
    • Spoofing and Redirects
  • Understanding What’s Important
    • Common Vulnerabilities and Exposures
    • OWASP Top Ten
    • CWE/SANS Top 25 Most Dangerous SW Errors
    • Monster Mitigations
    • Strength Training: Project Teams/Developers
    • Strength Training: IT Organizations
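The "Unvalidated Input", "Injection Flaws" and "Cross Site Scripting (XSS) Flaws" items above are the three most common places where a Java application forgets the "Do Not Trust the Untrusted" principle. The following class is an added illustration written for this outline; it is not course material. It shows an injectable query built by string concatenation next to its parameterized replacement, allow-list validation of a username, and output encoding at the point where untrusted data is written into HTML. The table and column names, the sample attacker strings, and the `lookupEmail` helper are assumptions made for the example; `lookupEmail` needs a JDBC `Connection` supplied by the caller, everything else runs as-is.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class UntrustedInputDemo {

    // Allow-list validation: a username is 3 to 32 characters of [A-Za-z0-9_.-].
    // Validation rejects garbage early; it is not a substitute for parameterization or encoding.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_.-]{3,32}$");

    static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    // VULNERABLE (Injection Flaws): the untrusted value becomes part of the SQL text,
    // so a quote in the input changes the structure of the query.
    static String vulnerableQuery(String username) {
        return "SELECT id, email FROM users WHERE name = '" + username + "'";
    }

    // SAFE: same query, value bound as a parameter. The driver sends it as data,
    // never as SQL, so quotes in the input stay quotes. (users/name/email are assumed names.)
    static String lookupEmail(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    // Output encoding (XSS): encode at the moment of output, for the context the data
    // lands in. This encoder is only for text between HTML tags and quoted attribute
    // values; JavaScript, URL and CSS contexts each need their own encoder.
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demo.
        String sqlPayload = "' OR '1'='1";
        String xssPayload = "<script>alert(1)</script>";

        System.out.println("concatenated query: " + vulnerableQuery(sqlPayload));
        System.out.println("'" + sqlPayload + "' passes allow-list? " + isValidUsername(sqlPayload));
        System.out.println("'alice_01' passes allow-list? " + isValidUsername("alice_01"));
        System.out.println("encoded for HTML: " + htmlEncode(xssPayload));
    }
}
```

Run it and compare the concatenated query with the parameterized one: the attacker's quote terminates the literal in `vulnerableQuery`, while in `lookupEmail` the same string can only ever be compared against the `name` column. The allow-list rejects the payload outright, and the encoder turns the script tag into inert text.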

3. Java Security

  • Java Security Fundamentals
    • Perimeter Defenses
    • Java Security Architecture
    • JVM Defenses
    • Extending the defenses
  • Cryptography Overview
    • Strong Encryption
    • Ciphers and algorithms
    • Message digests
    • Keys and key management
  • Code Location-Based Security
    • Work with Java 2 Security
    • Byte Code verifier
    • Signing code
    • Trusted code
    • Java permission management
    • Extending Java permissions
  • User-based J2SE Security
    • JAAS Authentication
    • Extending JAAS authentication
    • JAAS Authorization
  • Java Network Security
    • SSL/TLS Support (JSSE)
    • HTTPS
    • GSS-API
    • SASL
  • Code Level Security Best Practices
    • What Java security provides for
    • Preventing remote attacks
    • Preventing access to restricted resources
    • Retaining credibility with Java code

4. Defending XML and Services

  • Defending XML
    • XML Signature
    • XML Encryption
    • XML Attacks: Structure
    • XML Attacks: Injection
    • Safe XML Processing
  • Defending Web Services
    • Web Service Security Exposures
    • When Transport-Level Alone is NOT Enough
    • Message-Level Security
    • WS-Security Roadmap
    • XWSS Provides Many Functions
    • Web Service Attacks
    • Web Service Appliance/Gateways
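The "XML Attacks: Structure" and "Safe XML Processing" items cover the two classic parser abuses: external entity injection (XXE), where a DOCTYPE pulls in a local file or URL, and entity-expansion denial of service (the "billion laughs" document). The class below is an added example written for this outline, not course code. It builds a hardened JAXP `DocumentBuilder` using the standard Xerces feature URIs shipped with the JDK's built-in parser, then feeds it a benign document and two constructed hostile ones; the hostile documents are rejected at the DOCTYPE before any entity is resolved. The `file:///etc/hostname` target in the XXE sample is only an illustration of what such an entity would read.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class SafeXmlParsing {

    // Hardened DOM parser: refusing DTDs altogether removes XXE and entity-expansion DoS
    // in one step. The remaining settings are defence in depth in case a DTD ever has to
    // be allowed (e.g. a parser built from a different factory elsewhere in the code base).
    static DocumentBuilder secureBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: no network/file access for external DTDs or schemas.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Parses the document and returns the root element name.
    static String rootName(DocumentBuilder b, String xml) throws SAXException, IOException {
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getDocumentElement().getTagName();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents.
        String benign = "<order><id>42</id></order>";
        String xxe = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE order [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
                + "<order><id>&xxe;</id></order>";
        String bomb = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE lolz [<!ENTITY lol \"lol\">"
                + "<!ENTITY lol2 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">"
                + "<!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">]>\n"
                + "<lolz>&lol3;</lolz>";

        DocumentBuilder b = secureBuilder();
        System.out.println("benign root: " + rootName(b, benign));

        String[] names = {"XXE", "entity expansion"};
        String[] hostile = {xxe, bomb};
        for (int i = 0; i < hostile.length; i++) {
            try {
                rootName(b, hostile[i]);
                System.out.println(names[i] + ": parsed (hardening missing!)");
            } catch (SAXException e) {
                System.out.println(names[i] + ": rejected, " + e.getMessage());
            }
        }
    }
}
```

Apply the same factory settings to `SAXParserFactory`, `XMLInputFactory` (StAX) and `TransformerFactory` wherever they appear, since each is a separate entry point with its own defaults; a single unhardened factory is enough to reopen XXE. Message-level protections such as XML Signature and XML Encryption sit on top of this: they do nothing if the parser that reads the signed message can be abused first.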

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
