Course Outline
IT Security & Secure Coding Foundations
- Understanding the CIA triad: Confidentiality, Integrity, and Availability as core security principles.
- Overview of common vulnerabilities and attacks across various languages and platforms (SQLi, XSS, CSRF, SSRF, and others).
- The role of the Secure SDLC in preventing, detecting, and mitigating threats at the code level.
Web Application Security in Java Context
- Mapping OWASP Top Ten standards to common Java-specific flaws.
- Mitigation techniques for injection vulnerabilities: utilizing prepared statements, ORM layers, and parameterized queries.
- Addressing authentication vulnerabilities (such as broken session management and XSS vectors) and implementing remediation patterns.
- Implementing robust input validation to prevent directory traversal and path manipulation attacks.
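The two mitigations named in this section, shown side by side as an added illustration (this is not course material and not code from the training provider). The class name, the `users` table and its columns, and the `/srv/app/uploads` base directory are assumptions; the JDBC `Connection` is expected to be supplied by the caller.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Added example: injection mitigation and path-manipulation check (hypothetical class). */
public final class JavaWebHardening {

    // Contrast only: untrusted input concatenated into the SQL text. Any quote in the
    // input (an attacker's, or simply a surname like O'Brien) changes the statement.
    static String vulnerableQuery(String username) {
        return "SELECT role FROM users WHERE name = '" + username + "'";
    }

    // Hardened: the SQL text is fixed at compile time; the value travels as a bound
    // parameter, so quotes or comment sequences in it never alter the query structure.
    // The users(name, role) table is assumed for illustration.
    static String lookupRole(Connection conn, String username) throws SQLException {
        String sql = "SELECT role FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("role") : null;
            }
        }
    }

    // Path-manipulation check: resolve the requested name against the base directory,
    // normalize away "." and ".." segments, and refuse anything that escapes the base.
    static Path resolveInside(Path baseDir, String requested) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(requested).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + requested);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demonstration
        System.out.println(vulnerableQuery("O'Brien")); // broken WHERE clause: name = 'O'Brien'

        Path base = Paths.get("/srv/app/uploads"); // assumed base directory
        System.out.println(resolveInside(base, "report.pdf"));
        try {
            resolveInside(base, "../../etc/passwd");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`lookupRole` needs a live JDBC connection; the rest of `main` runs stand-alone. `Path.startsWith` compares whole path components, so a sibling directory such as `/srv/app/uploads2` is also rejected, which a plain string prefix check would miss.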
Foundations of Java Security & Cryptography Deep Dive
- Core cryptographic concepts: distinguishing between symmetric and asymmetric encryption, hashing algorithms, and digital signatures.
- Secure communication protocols: best practices for setting up TLS/SSL in Java applications (HTTPS).
- Practical lab: Configuring secure connections between web servers and backend services using SSL/TLS.
Java Security Services & Enterprise Security Features
- Utilizing built-in security APIs to implement strong authentication mechanisms (JAAS, KeyStore, CertPath, SecureRandom).
- Managing user sessions securely to minimize risks of hijacking or fixation.
- Lab: Implementing secure session management patterns and mitigating risks associated with session cookie theft.
Common Coding Errors & Vulnerabilities in Java
- Recognizing insecure coding patterns that lead to class loading vulnerabilities (including CVEs related to deserialization and JAR extraction).
- Preventing unsafe reflection usage that could lead to arbitrary code execution or privilege escalation.
- Understanding the risks of insecure logging frameworks and mitigating them through secure handlers or appropriate logging levels.
- Hands-on lab: Refactoring insecure Java code samples into secure patterns using FindSecurityBugs.
Cryptography in Practice & Modern Secure Coding Patterns
- Practical encryption: designing secure key management systems and protecting sensitive data both in transit and at rest.
- Hashing for integrity verification: applying best practices for password storage, file content validation, and digital signing workflows.
- Lab: Implementing secure data hashing (SHA-256) for password storage and validating stored hashes against input.
Advanced Secure Coding & Threat Modeling
- Integrating static code analysis tools into CI/CD pipelines using FindSecurityBugs with Maven/Gradle.
- Identifying risks early in the design phase through threat modeling workshops.
- Workshop: Applying threat modeling to a sample Java application, prioritizing risks, and implementing secure coding practices.
Capstone Project & Secure Coding Roadmap
- Participants select a real-world Java project (such as a web application, microservice, or library) to work on.
- Analyzing the selected codebase for OWASP Top Ten vulnerabilities (including injection, broken authentication, SSI, etc.).
- Refactoring insecure code into best practice patterns and implementing secure service configurations.
- Documenting the process, challenges encountered, and new learning outcomes, followed by peer review and facilitator feedback.
Open Q&A, Resources Distribution & Final Review
- Open discussion forum to address common secure coding questions, clarify advanced concepts, and share real-world experiences.
- Curated resource library: Includes the OWASP Java Secure Coding Top Ten CheatSheet, FindSecurityBugs refactoring guide, and recommended secure coding libraries.
- Course closure and provision of post-training support for applying new skills in ongoing projects.
Requirements
- Basic computer proficiency, including operating modern laptop/desktop OS environments and using standard office productivity tools (e.g., word processors, spreadsheets).
- No prior Java programming or security experience is strictly required; however, a foundational understanding of object-oriented concepts and standard web development workflows is encouraged.
- A strong willingness to engage in hands-on exercises, quizzes, and real-world case study analysis to practice applying new skills.
14 Hours
Testimonials (3)
Experience sharing; it's the teacher's know-how and valuable.
Carey Fan - Logitech
Course - C/C++ Secure Coding
That we got a complex overview, also about the context - for example, why we need some annotations and what they mean. I liked the practical part of the training - having to manually run the commands and call the REST APIs.
Alina - ACCENTURE SERVICES S.R.L
Course - Quarkus for Developers
The extra information that was shared; the training was not straightforward Groovy, which was nice.