Developing Secure Java Web Applications (TT8320-J)
About this course:
Secure Java Web Application Development is a lab-intensive, hands-on Java / JEE security training course, essential for experienced enterprise developers who need to engineer, maintain, and support secure JEE-based web applications.
In this course, students thoroughly examine best practices for defensively coding web applications, including XML processing, rich interfaces, and both RESTful and SOAP-based web services. Students will repeatedly attack and then defend various assets associated with fully-functional web applications and web services. This hands-on approach drives home the mechanics of how to secure JEE web applications in the most practical of terms.
A key component to our Best Defense IT Security Training Series, this workshop is a companion course with several developer-oriented courses and seminars. Although this edition of the course is Java-specific, it may also be presented using .Net or other programming languages.
The average salary of a Java Developer is $69,722 per year.
- Understand potential sources for untrusted data
- Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
- To test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
- Prevent and defend the many potential vulnerabilities associated with untrusted data
- Understand the vulnerabilities of associated with authentication and authorization
- To detect, attack, and implement defenses for authentication and authorization functionality and services
- Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
- To detect, attack, and implement defenses against XSS and Injection attacks
- Understand the concepts and terminology behind defensive, secure, coding
- Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web applications
- Design and develop strong, robust authentication and authorization implementations within the context of JEE
- Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
- To detect, attack, and implement defenses for both RESTful and SOAP-based web services and functionality
- Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure
This is an intermediate -level JEE / web services programming course, designed for developers who wish to get up and running on developing well defended software applications. This course may be customized to suit your team’s unique objectives.
- Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge.
|Subjects||App Development, Information Security|
|Technology||Microsoft, Programming Language|
|Learning Style||Virtual Classroom|
|Course Duration||4 Days|