Introduction to Application Security for Java/J2EE
Course Format: Instructor-led
Course Duration: 2 days
Course Description: Introduction to Application Security for Java/J2EE provides developers with a comprehensive look at developing secure web applications using the Java/J2EE platform. Students are first led through the basics of secure application development to provide a fundamental understanding of the security implications of systems they are building. Then they are led through a number of interactive exercises where they attack a flawed web application. The implications of insecure coding and design practices are explained, and more secure practices, rooted in the Java/J2EE platform, are presented and discussed. The course is targeted toward software architects, developers and quality assurance personnel building software with the Java/J2EE platform as well as security professionals who want an in-depth understanding of threats to web-based applications.
Schedule
Day 1
- Basic Security Principles
- Elements of a Secure Design
  - Authentication, Authorization and Data Confidentiality and Integrity
- Threat Modeling
- Web Proxy Introduction
- Overview of Secure Session Management
Day 2
- OWASP Top 10 Review
- Unvalidated Input
- Broken Access Control
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Buffer Overflows
- Injection Flaws
- Improper Error Handling
- Insecure Storage
- Denial of Service
- Insecure Configuration Management
- Deployment Configuration
For more information on this course, or to request training on another topic, contact Denim Group.
