Secure Coding in Java & JEE

SEC-252

Designed for ASP.NET and C# developers who require effective, real-world secure programming skills they can implement immediately at the workplace

Secure Coding Course Overview


InfoSec Institute’s award-winning Secure Coding in Java & JEE Course provides the most comprehensive approach to developing secure Java applications. This course is designed for developers and designers of Java applications who require effective, real-world secure programming skills they can implement immediately at the workplace.

InfoSec Institute brings you our Secure Coding in Java & JEE Course. This comprehensive 3-day course is designed to educate professional programmers on the skills necessary to develop and deploy secure applications as a fundamental element of the entire application development process.

• The objective of our Secure Coding in Java & JEE course is to encourage you to take security seriously by demonstrating concrete, hands-on examples of vulnerable code.
• You will learn which poor programming practices lead to vulnerable code, how to code securely, and how to maintain secure development practices throughout the SDLC.
• You will sharpen skills and gain experience in applying secure design and implementation principles through demonstrations of building, testing and securing real-world applications.
• You will be given the opportunity to participate in securing and testing applications through a progression of "challenge scenarios", alternating assignments as "attackers" and "defenders" of applications.

Course Objectives:
Completing our Secure Coding in Java course will provide you with valuable knowledge and skills, including the ability to:

  • Understand common web application exposures and attacks (including those in the OWASP Top Ten)
  • Learn how to securely use the JEE APIs
  • Gain valuable security code review skills
  • Learn static analysis techniques that can help you quickly find flaws in your code
  • Understand input validation defenses that can be used to defend against common application vulnerabilities
  • Learn techniques to identify possible application threats early in the Software Development Lifecycle

 

Benefits & Goals:

Our intensive 3-day course gives attendees a look at how poor security practices leave applications open to attack, and then walks them through the necessary tools, techniques and best practices to ensure they know how to write code in a secure manner.

Only InfoSec Institute's Secure Coding in .NET: ASP.NET/C#/VB.NET Edition Course offers you the following benefits:

  • Three (3) days of InfoSec Institute training with a real Java Security expert. Our experts have extensive JEE development experience as well as years of experience performing security code reviews for hundreds of different Java applications.
  • Improvement in skills required to build and maintain secure applications
  • Lunch and snacks provided on each day of class
  • Provides compliance with the OWASP Top 10 training component in the PCI DSS Standard

  • 3-Day intensive training
  • Industry recognized instructors
"I was blown away by the instructor's knowledge and expertise. ... Would recommend"

Connie Brown

United States Air Force

The InfoSec Institute Experience

During the three-day program, our instructors give you 110% of their time and dedication to ensure that your time is well spent. You will receive an all-inclusive immersion experience, with your hotel stay and most meals included during your training; you eat, sleep and train at the learning facility with no distractions!

Some of the topics you will learn to master during the Secure Coding in Java course:

  • Input Validation & Encoding
  • Input Driven Attacks
  • Canonicalization Problems
  • Output Encoding
  • J2EE Filters
  • Validation & Encoding with Frameworks (Struts, Spring, etc)
  • Authentication, Authorization & Session Management
  • Parameter Manipulation
  • Java Authentication and Authorization Service (JAAS)
  • Servlet and EJB Container-Based Security
  • Servlet and EJB Component/Tier-Level Security
  • Password Security
  • Protecting User Sessions & Tokens
  • Common Cryptography Pitfalls
  • Using Java Cryptography Architecture (JCA/JCE) and 3rd Party APIs (Jasypt, Java DPAPI, etc)
  • Securing Communications with Java Secure Socket Extension (JSSE)
  • FindBugs
  • Integrating code review into the SDLC
  • Error Handling & Logging
  • Web Application Environment and Components
  • Attacking via Error Messages
  • Secure Logging & Error Handling
  • Platform Security
  • Securing Applications with Java 2 Platform Security
  • Web Services & Java RMI
  • Overview of Key Web Services Technologies (WSDL, SOAP, AJAX, etc)
  • Web Service Attacks and Securing
  • RMI Attacks and Securing
  • Application Threat Modeling
  • Application Decomposition
  • Identifying Attacks, Vulnerabilities & Countermeasures
  • Threat Modeling Tools
  • Using static analysis to find security issues such as: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injection, HTTP Response Splitting, Parameter Manipulation, Authentication & Authorization, Session Management, Error handling
  • Manual code review
  • Using static analysis tools


Dates & Locations




Unfortunately, no public enrollment courses currently match your criteria.

Your name can be added to a wait list for an upcoming course, or we can schedule an On-Site course in your local area if you have 6 students or more. Complete the following form if you would like to receive information concerning our wait list policy and/or On-Site training.

Full Name:
Company:
Work Phone #:
Email:
Any questions we can answer?
(optional)
 

The best in the world come train with us

See what our students are saying

  • David P. Curly

    Senior Consultant

    Booz Allen Hamilton

    "a must for any true
    security professional"

    "This was a phenomenal class! The instructor was extremely knowledgeable and crafted the exercises so that we truly learned the material. I have a whole new appreciation for how vulnerabilities are exploited. I have gained very practical skills and knowledge in this class which will help me tremendously in my job. I will highly recommend this course to all of my co-workers. This class should be a must for any true security professional. There were several moments during the week when I was amazed at how vulnerable systems truly are. The practical labs and competition teams made the experience fun. I have learned some extremely valuable skills."


  • Aaron Bento

    IBM Global Services

    "hands-on experience was invaluable"

    "The class was great! The instructor knew his information very well. It was nice to have someone who is more than just book knowledge, someone who is just giving you the info for the cert test. His hands on experience in real world pen-testing was invaluable, as it gave a touch-stone to how the methods learned in class can be extended to real pen-testing."


  • "nice to have a dedicated training laptop provided"

    "I got a lot out of the real world scenarios presented in class. Jeremy is very knowledgeable in the field of penetration testing. Would definitely take classes again if he is the instructor. The course books are a great reference, and it was nice to have a dedicated training laptop provided by Infosec and not have to bring my own and waste time installing programs during class"


  • Rummy Dabgotra

    MTS Allstream

    "invaluable to my career"

    "Dan is an excellent instructor and incredibly knowledgeable. Great presenter and very helpful. The course was very intense but well structured. The hours were long but it really allows you to get your head wrapped around it. Slide notes were very good as well as the lab pre-info. The labs tied well into the course. The content and knowledge gained will be invaluable to my career."



Who Should Attend:

  • Java Application Developers  
  • Managers, Architects and Technologists involved in deploying Java Applications  

 

PREREQUISITES:

Prior to enrolling in InfoSec Institute’s Secure Java Application Developer Boot Camp, students should have roughly 12-24 months of experience developing Java apps. Attendees should have an understanding of web applications, web programming concepts, and experience building web applications using the Java Framework. A basic understanding of IT security principles is recommended but not required.

If you are unsure if you meet the required prerequisites, contact us for a quick skill check.


Pricing

Call (866)-471-0059 or fill out this short form for current pricing

 

YOU'LL GET

  • Three (3) days of InfoSec Institute training with a Java Security expert, bringing experience and insight from the field. Our experts have extensive experience developing Java/JEE applications. Our instructors have performed hundreds of security code reviews for enterprise J2EE applications.
  • Improvement in skills required to build and maintain secure applications
  • Lunch and snacks provided on each day of class
  • Provides compliance with the OWASP Top 10 training component in the PCI DSS Standard

OUR STUDENTS SAY:
InfoSec Institute has an excellent instructor and this is the best IT security class I have ever taken. His knowledge and method of teaching are unsurpassed.