Secure Coding in Java and JEE

No Reviews Yet

Mundhwa, Pune

Course ID: 37915


Students Interested 0 (Seats Left 0)


Date and Time

Not decided yet.

Gunwant Singh

MSc in Network Security, CISSP, GXPN

11 Years of Experience

About Gunwant Singh

I am a Senior Security Analyst with over 13 years of industrial experience in Information Security. I have tested and secured a number of government applications and software used by several Fortune 500 companies of the world.

I am currently holding CISSP & GXPN certifications and work mostly in Penetration Testing and hardening of web servers. I have experience in teaching corporate and individual staff for about 5-7 years.

I host a blog for students and currently write articles and whitepapers for several companies. I have been involved in hosting training on Application Security and I was invited for a couple of sessions for OWASP Delhi and Houston (USA) chapters.

About the Course

Course Overview


InfoSec Institute brings you our Secure Coding in Java & JEE Course. This comprehensive course is designed to educate professional programmers on the skills necessary to develop and deploy secure applications as a fundamental element of the entire application development process.


Who Should Attend


Java & JEE Developers, Designers & Architects, Other Members or Managers of the Software Development Team


Course Objectives


The objective of our Secure Coding in Java & JEE course is to encourage Java developers to take security seriously by demonstrating concrete, hands-on examples of vulnerable code.


 



  • You will learn which poor programming practices lead to vulnerable code, how to code securely, and how to maintain secure development practices throughout the SDLC.

  • You will sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing and securing real-world applications.

  • You will be given the opportunity to participate in securing and testing applications through a progression of "challenge scenarios", alternating assignments as "attackers" and "defenders" of applications.

    Course Outline



    1 - Introduction



    • Web Application Environment and Components

    • General Web Application Security Concepts

    • Overview of the Java Security Architecture




    2 - Input Validation & Encoding



    • Input Driven Attacks

    • Canonicalization Problems

    • Output Encoding

    • J2EE Filters

    • Validation & Encoding with Frameworks (Struts, Spring, etc)




    3 - Authentication, Authorization & Session Management



    • Common Authentication and Authorization Weaknesses

    • Parameter Manipulation

    • Java Authentication and Authorization Service (JAAS)

    • Servlet and EJB Container-Based Security

    • Servlet and EJB Component/Tier-Level Security

    • Password Security

    • Protecting User Sessions & Tokens




    4 - Encryption, Confidentiality & Data Protection



    • Cookie-Based Attacks

    • Protecting Application Variables

    • Cache Control Issues

    • Protecting Usernames, Passwords and Personally Identifiable Information

    • Common Cryptography Pitfalls

    • Using Java Cryptography Architecture (JCA/JCE) and 3rd Party APIs (Jasypt, Java DPAPI, etc)

    • Securing Communications with Java Secure Socket Extension (JSSE)




    5 - Data Access



    • Secure Database Programming

    • Prepared/Callable Statements and Bind Variables

    • Java Object Relational Mappers (ORMs)

    • Common Stored Procedure Flaws




    6 - Error Handling & Logging



    • Attacking via Error Messages

    • Secure Logging & Error Handling




    7 - Platform Security



    • Securing Applications with Java 2 Platform Security

    • Common Application and Server Misconfigurations

    • Deployment Descriptor Hardening

    • Securing Java Code




    8 - Web Services & Java RMI



    • Overview of Key Web Services Technologies (WSDL, SOAP, AJAX, etc)

    • Web Service Attacks and Securing

    • RMI Attacks and Securing




    9 - Application Threat Modeling



    • Threat Modeling Concepts

    • Application Decomposition

    • Identifying Attacks, Vulnerabilities & Countermeasures

    • Threat Modeling Tools




    10 - Practical Security Testing Techniques for Developers



    • Useful Web Application Assessment Tools

    • Determining the Severity of Vulnerabilities

    • Dealing with Time Constraints

    • Using static analysis to find security issues such as: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injection, HTTP Response Splitting, Parameter Manipulation, Authentication & Authorization, Session Management, Error handling

    • Manual code review

    • Using static analysis tools

    • FindBugs

    • Integrating code review into the SDL
