Secure Java Coding (SJC)
Secure Java Coding is a hands-on, lab-intensive, code-level Java security training course that teaches you the best practices for designing, implementing and deploying secure programs in Java. You will take an application from requirements through to implementation, analyzing and testing it for software vulnerabilities. This course goes well beyond basic programming skills, teaching you sound processes and practices to apply across the entire software-development life cycle. Perhaps just as significantly, you will learn about current, real examples that illustrate the potential consequences of not following these best practices. This course is short on theory and long on application.
The concept and process of Threat Modeling is introduced as a key enabler for implementing effective and appropriate security for software and information assets. This course includes coverage of the many security-related technologies and APIs that exist in the Java world. This class is “technology-centric”, designed to train attendees in essential secure coding and development skills, coupling the most current, effective techniques with the soundest industry practices. This workshop is about 50% dynamic lab exercises and 50% lecture.
The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Students will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities.
The second portion of the course steps through a series of vulnerabilities illustrating in very real terms the right way to implement secure web applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment.
Who should attend
- This course is intended for application project stakeholders who wish to get up and running on developing well-defended Java applications
- Familiarity with the Java programming language
- Real-world programming experience is highly recommended
Working in a hands-on, dynamic learning environment led by our expert security team, you will learn to:
- Understand the concepts and terminology behind defensive coding
- Understand and use Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Learn the entire spectrum of threats and attacks that take place against software applications in today’s world
- Use Threat Modeling to identify potential vulnerabilities in a real-life case study
- Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java applications
- Understand the vulnerabilities of the Java programming language and the JVM as well as how to harden both
- Understand and work with Java 2 platform security to gain an appreciation for what is protected and how
- Understand the role that Java Authentication and Authorization Service (JAAS) has in Java applications
- Use JAAS in conjunction with a Java application for both authentication and authorization
- Understand the basics of Java Cryptography (JCA) and Encryption (JCE) and where they fit in the overall security picture
- Understand the fundamentals of XML Digital Signature and XML Encryption
Our robust course materials include much more than a simple slideshow presentation handout. Student materials include a comprehensive hard-copy course manual, complete with detailed course notes, code samples, diagrams and current reference materials, all directly related to the course at hand, indexed for ease of use. Step-by-step lab instructions and project descriptions are clearly illustrated and commented for maximum learning and ease of use. This course also includes:
- Basic course pre-testing and/or post-course assessments
- Ability to customize the courseware, adapting it to your company's policies, procedures and plans
- Although this training is skills-centric, this course can be delivered using a variety of software combinations, including but not limited to: Eclipse / Galileo, MyEclipse, IBM® WebSphere Rational Application Developer (RAD7), Oracle JDeveloper or other IDEs. This course may also run using Java 5 or Java 6. Please inquire for details and options.
- Our detailed workbooks are complete with software-specific screenshots and step-by-step tutorials for using the software you select. In most cases we can easily port our classes to run in the environment of your choosing.
Duration: 3 days