NOTICE: This course code has recently been changed from TT-254 to TT-2800.
Students who attend Java Secure Coding (or Defensive Coding for Java) will leave the course armed with the required skills to recognize software vulnerabilities (actual and potential) and implement defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software.
The concept and process of Threat Risk Modeling is introduced as a key enabler for implementing effective and appropriate security for software and information assets.
This course includes coverage of the many security-related technologies and APIs that exist in the Java and J2EE world.
This intense hands-on workshop is essential for developers who need to produce secure Java and J2EE applications. Throughout the course, students learn the best practices for designing, implementing, and deploying secure programs in Java. Students will take an application from requirements through to implementation, analyzing and testing for software vulnerabilities. This course is short on theory and long on application.
Skills Gained
During this three-day course, students will be led through a series of advanced topics, where most topics consist of lecture, group discussion, comprehensive hands-on lab exercises, and lab review.
The initial portion of the course lays down the foundation in basic terminology and concepts that is built upon in subsequent lessons. The second portion of the course steps through a series of vulnerabilities illustrating in very real terms the right way to implement secure web applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment.
This workshop is a code course rather than theory and concepts, with about 50% hands-on labs and 50% lecture. Many examples are threaded into the course, designed to reinforce fundamental skills and concepts learned in the lessons, all working in the Java environment. Because these lessons, labs and projects are presented in a building block fashion, students will gain a solid understanding of not only the core concepts, but also how all the pieces fit together in a complete application.
At the end of each lesson, developers will be tested with a set of review questions to ensure that they fully understand that topic.
Students attending this course will
Understand the concepts and terminology behind defensive coding.
Understand and use Threat Risk Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets.
Learn the entire spectrum of threats and attacks that take place against software applications in today's world.
Use Threat Risk Modeling to identify potential vulnerabilities in a real life case study.
Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java applications.
Understand the vulnerabilities of the Java programming language and the JVM as well as how to harden both.
Understand and work with Java 2 platform security to gain an appreciation for what is protected and how.
Understand the role that Java Authentication and Authorization Service (JAAS) has in both Java and J2EE applications.
Use JAAS in conjunction with a Java application for both authentication and authorization.
Understand the basics of Java Cryptography (JCA) and Encryption (JCE) and where they fit in the overall security picture.
Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena.
Learn how J2EE security is implemented as well as the limitations of that security.
Apply J2EE security to an existing web application.
Understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure.
Who Can Benefit
This is an intermediate to advanced level Java course, designed for developers who wish to get up and running on developing well defended web applications. Familiarity with Java is required, and real world programming experience is highly recommended. This course may be customized to suit your team's unique objectives.
Prerequisites
Ideally students should have approximately 6 months to a year of practical Java development experience.
Hands-On
This intense hands-on course is 40/60 lab to lecture ratio. This workshop is essential for experienced developers who need to produce secure Java based web applications. Throughout the course, students learn the best practices for designing, implementing, and deploying secure web applications using Java. This course is short on theory and long on application.
Code: TT-2800
Length: 3 days
Type: Instructor-Led
Certified By: Other Java :: Development :: Trivera
Tuition: $1,450 / contact for GSA GOV.
This course is taught by Certified instructors. There is a difference.
Session 1 - Defensive Coding Overview
Security Concepts
Principles of Defensive Coding
Threat Risk Modeling
Lab - Threat Risk Modeling of Case Study
Session 2 - Vulnerabilities
Security Attacks
Information Attacks
System Attacks
Data Attacks
Lab - Threat Risk Modeling Revisited
Session 3 - Defensive Coding Applied to Java
Defensive Java Coding Practices 1
Lab - Static Review of Case Study Implementation
Analyze Lab Results
Lab - Attack the Case Study Implementation
Defensive Java Coding Practices 2
Session 4 - Java 2 Security and JAAS
Java 2 Security and Applets
Hardening the JVM
Lab - Work with Java 2 Security
JAAS Overview
Session 5 - Cryptography Overview
Overview of Java Cryptography/Encryption
Overview of XML/Web Services Security
Session 6 - J2EE Security
Technical Overview of J2EE Security
Hardening the Servers and Environment
Lab - Adding Security to a Web Application
Lab Optional - JAAS Authentication
Lab Optional - JAAS Authorization
When you take a certified course with ExitCertified, you are learning from
the creators of the products you use. Our commitment to your IT
community, along with our authorization to deliver certified courses,
ensures you receive a premium training experience.