D-SECURE-JAVA
Building Secure Applications with Java and JavaEE
This advanced course covers building secure applications with Java and Java EE. Main topics are
  • Software Development Life Cycle
  • Java Application Security
  • OWASP Java Best Practices

Description

The course includes:
  1. OWASP
  2. Web Application Security Consortium
  3. OpenSAMM
  4. Enterprise Security Concepts
    1. Basic Vulnerability Terminology
    2. Enterprise Security APIs
    3. Software Development Life Cycle & Security Guideline
    4. Software Assurance Maturity Model
  5. Security in the Software Development Lifecycle
    1. Security Requirements
    2. Threat Modeling
    3. Secure Design Guidelines
    4. Secure Coding Guidelines
    5. Testing for web application security
    6. Secure administration and Security within Change Management
    7. Deployment WebApp Security Controls
    8. Secure Development Life Cycle
    9. Web Application Security Roles and Responsibilities
  6. OWASP Top 10 Web Application Security & Vulnerabilities
    1. A1: Injection
    2. A2: Broken Authentication and Session Management
    3. A3: Cross-Site Scripting (XSS)
    4. A4: Insecure Direct Object Reference
    5. A5: Security Misconfiguration
    6. A6: Sensitive Data Exposure
    7. A7: Missing Function Level Access Control
    8. A8: Cross-Site Request Forgery (CSRF)
    9. A9: Using Known Vulnerable Components
    10. A10: Unvalidated Redirects and Forwards
  7. Testing for Vulnerabilities
    1. Web Application Security
    2. Software Security Assurance (SSA)
    3. Find Vulnerabilities
    4. Testing for application vulnerabilities
    5. Black Box vs. Gray Box
    6. Tools of the trade
    7. WebGoat
    8. The Zed Attack Proxy
    9. LAPSE+
  8. Secure Development Practices
    1. Validating User Input
    2. Authentication
    3. Authorization
    4. Session Management
    5. Using Interpreters
    6. Crypto
    7. Catching Errors
    8. File System
    9. Configuration
    10. Web 2.0
  9. Java Security Overview
    1. Information Security Principles
    2. Controls for Information Security
    3. Java EE Security Needs
    4. Java EE Security Components
    5. Securing EJBs and Web Applications
  10. Enterprise Security API (ESAPI)
    1. ESAPI - Goals
    2. ESAPI to OWASP Top 10 Mapping
    3. ESAPI Maturity
    4. ESAPI Approach
  11. SQL Injection Protection
    1. SQL Injection Attacks
    2. Finding SQL Injection Bugs
    3. Mitigating SQL Injection
    4. Methods to prevent SQL Injection

Audience

Java Developers

Duration

2 days

Format

Instructor-led

Prerequisites

An advanced knowledge of Java is a prerequisite for this course