 

Foundstone Writing Secure Code - Java (J2EE) Training
ONSITE TRAINING
Software insecurity has become one of the biggest security concerns facing organizations today. As attackers turn their attention to the software and applications that make up an organization's IT infrastructure, the most effective way to protect that infrastructure is to build secure software and write secure code from the outset. During this course, students will understand the key security features of the Java Platform, Enterprise Edition (Java EE), identify and avoid common web security pitfalls, and learn how to build secure and reliable web applications using Java. Students will be guided through hands-on code examples that highlight security issues and demonstrate prescriptive solutions for preventing application vulnerabilities.

What You'll Learn

  • The process and techniques of writing secure code
  • The most common web application vulnerabilities and how to avoid them
  • Effective authentication and authorization techniques
  • Cryptography
  • Secure user management systems
  • Data validation strategies
  • Effective error handling and exception management
  • Software security review techniques

Course Outline:

Day 1 - Introduction, Java Platform Security, and Cryptography

  • Introduction
  • ---Overview of course content and format
  • ---Secure Design Principles
  • ---Introduction to Hacme Books
  • ---Demonstration (Hacme Books Penetration Test): Students observe (and may optionally participate) as the instructor exploits numerous common vulnerabilities in Hacme Books, a Java web application that is designed to function as a real-world online bookstore.
  • Java Platform Security
  • ---Java Language Security Features
  • ---Java Virtual Machine (JVM) Security Mechanisms
  • ---SecurityManager and Security Policy
  • ---Java Authentication and Authorization Service (JAAS)
  • ---Overview of JSP, Servlet, and EJB Security Features
  • Cryptography
  • ---Overview of Cryptography
  • ---Common Mistakes
  • ---Random Numbers
  • ---Java Cryptography Extension (JCE)
  • ---Key Storage and Generation
  • ---Java Secure Sockets Extension (JSSE)
  • ---XML Encryption and Digital Signatures
  • ---Lab (Cryptography): Students learn to encrypt credit card numbers using a utility class that simplifies usage of the Java Cryptography Extension. Students discuss the ideal architectural placement of cryptography code.
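The kind of "utility class that simplifies usage of the Java Cryptography Extension" the Day 1 lab refers to, as an added example: it is not the course's lab code or Hacme Books code. It assumes Java 11 or later and the standard JCE providers, uses AES-GCM (authenticated encryption, so a modified ciphertext is rejected rather than silently decrypted), draws the IV and key material from SecureRandom rather than java.util.Random, and binds each ciphertext to its record with associated data so a stored value cannot be copied from one customer to another. The class name, the record id and the card number are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Hypothetical JCE wrapper for card numbers at rest (example code, not from the course). */
public final class CardCrypto {
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int IV_BYTES = 12;   // 96-bit nonce, the size GCM is specified for
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom(); // CSPRNG for IVs and keys

    private final SecretKey key;

    public CardCrypto(SecretKey key) { this.key = key; }

    /** Generates a fresh 256-bit AES key. In production, load the key from a KeyStore instead. */
    public static SecretKey generateKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    /** Returns base64(iv || ciphertext || tag). A fresh random IV per call is what makes key reuse safe in GCM. */
    public String encrypt(String cardNumber, byte[] associatedData) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(associatedData); // e.g. the customer id: authenticated but not encrypted
        byte[] ct = c.doFinal(cardNumber.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Throws (AEADBadTagException) if the blob, the key or the associated data do not match. */
    public String decrypt(String blob, byte[] associatedData) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(blob);
        if (in.length < IV_BYTES + TAG_BITS / 8) throw new GeneralSecurityException("ciphertext too short");
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES));
        c.updateAAD(associatedData);
        byte[] pt = c.doFinal(in, IV_BYTES, in.length - IV_BYTES);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        CardCrypto cc = new CardCrypto(generateKey());
        byte[] record = "customer:4711".getBytes(StandardCharsets.UTF_8); // constructed record id
        String blob = cc.encrypt("4111111111111111", record);             // constructed test card number
        System.out.println("stored   : " + blob);
        System.out.println("recovered: " + cc.decrypt(blob, record));
        try {
            cc.decrypt(blob, "customer:9999".getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            System.out.println("ciphertext moved to another record is rejected: " + e);
        }
    }
}
```

On the "architectural placement" question the lab raises: the key in this example is generated in memory only to keep the demonstration self-contained. A deployed service would load it from a KeyStore (a PKCS12 store holding a SecretKeyEntry, or an HSM-backed provider) held by a single data-access component, so that the web tier never sees key material and the ciphertext format can be rotated in one place.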

Day 2 - Authentication, Authorization, Error Handling, and Data Validation

  • Authentication
  • ---Authentication Protocols
  • ---Common Mistakes
  • ---Servlet Container Authentication
  • ---Single Sign-On
  • ---Code Signing
  • ---Lab (Authentication): Students learn how to configure authentication Realms (credential stores) using Tomcat, a popular open-source Java servlet container.
  • Authorization
  • ---Access Control Models
  • ---Common Mistakes
  • ---Least Privilege
  • ---Discretionary Access Control
  • ---Role-Based Access Control
  • ---Cross-Site Request Forgery (CSRF)
  • ---Servlet Container Authorization
  • ---Session Management
  • ---EJB Authorization Controls
  • ---Custom Authorization Implementations
  • ---Lab (Authorization): Students learn how to implement a custom role-based access control (RBAC) solution using Java EE programmatic authorization.
  • Error Handling and Exception Management
  • ---Java Exception Fundamentals
  • ---Exception Handling Patterns and Anti-patterns
  • ---Best Practices for Handling User Errors
  • ---Servlet, JSP, EJB, and Struts Exception Frameworks
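A custom role-based access control check built on Java EE programmatic authorization, in the spirit of the Day 2 authorization lab, as an added example (not the lab's solution and not Hacme Books code). It assumes the Servlet 3+ API (javax.servlet) and Java 11 or later; the container's Realm, configured as in the authentication lab, has already authenticated the user, so the filter only decides whether the authenticated principal's roles permit this method on this path. The policy table, the paths and the roles are constructed for the example.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical deny-by-default RBAC filter layered on container authentication (example code). */
public final class RbacFilter implements Filter {
    /** Policy: path prefix -> (HTTP method -> roles allowed). Anything not listed is denied. */
    private static final Map<String, Map<String, Set<String>>> POLICY = new LinkedHashMap<>();
    static {
        POLICY.put("/admin/",   Map.of("GET", Set.of("admin"), "POST", Set.of("admin")));
        POLICY.put("/orders/",  Map.of("GET", Set.of("customer", "admin"), "POST", Set.of("customer")));
        POLICY.put("/catalog/", Map.of("GET", Set.of("guest", "customer", "admin")));
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        HttpServletResponse w = (HttpServletResponse) res;
        Principal user = r.getUserPrincipal(); // populated by the container's Realm after login
        if (user == null) { w.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        // Servlet path, not the raw request URI: the container has already normalised "/../"
        // and stripped ";jsessionid=...", so the prefix match sees the path that will be dispatched.
        if (!isAllowed(r.getServletPath(), r.getMethod(), r::isUserInRole)) {
            w.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    /** Longest matching prefix wins; the role membership test is delegated to the container (isUserInRole). */
    static boolean isAllowed(String path, String method, Predicate<String> hasRole) {
        String best = null;
        for (String prefix : POLICY.keySet()) {
            if (path.startsWith(prefix) && (best == null || prefix.length() > best.length())) best = prefix;
        }
        if (best == null) return false; // no rule: deny
        // Methods not listed for the prefix (DELETE, HEAD, TRACE, ...) fall through to the empty set and are denied.
        Set<String> roles = POLICY.get(best).getOrDefault(method.toUpperCase(), Collections.emptySet());
        return roles.stream().anyMatch(hasRole);
    }

    /** Stand-alone demonstration of the policy logic with a constructed "customer" principal. */
    public static void main(String[] args) {
        Predicate<String> customer = role -> role.equals("customer");
        String[][] probes = { {"GET", "/orders/42"}, {"DELETE", "/orders/42"},
                              {"GET", "/admin/users"}, {"GET", "/reports/daily"} };
        for (String[] p : probes) {
            System.out.println(p[0] + " " + p[1] + " as customer -> "
                + (isAllowed(p[1], p[0], customer) ? "allow" : "deny"));
        }
    }
}
```

Register the filter on the url-pattern /* in web.xml so every request passes through it; keep the container's own security-constraint elements for the coarse "must be logged in" rule, and use a filter like this for the finer decisions (per-method, per-resource) that declarative constraints express poorly. Note that the policy is keyed on the HTTP method as well as the path: authorizing GET while forgetting that the same servlet also answers POST or DELETE is one of the "common mistakes" the outline lists.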

Day 3 - Client-Side Security, Advanced Java Security, and Logging

  • Data Validation
  • ---Common Mistakes
  • ---Trust Boundaries
  • ---Data Validation Design
  • ---Validation Strategies and Tactics
  • ---Web Application Firewalls
  • ---Character Encoding and Security
  • ---Regular Expressions
  • ---Common Data Validation Attacks
  • ---Validating Non-textual Data
  • Client-Side Security
  • ---Common Mistakes
  • ---Reverse Engineering
  • ---Code Obfuscation
  • ---Anti-Tampering Measures
  • ---Lab (Client-Side Security): Students reverse engineer a Java client application to subvert authorization controls.
  • Advanced Java Security
  • ---Access Protection
  • ---Thread Safety
  • ---Defensive Coding
  • ---Serialization
  • ---Java Native Interface (JNI)
  • Logging and Auditing
  • ---Common Mistakes
  • ---What To Log?
  • ---Auditing
  • ---What To Do With Log Files
  • ---Logging Frameworks in Java
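An allowlist validator that applies the Day 3 data validation topics together (trust boundary, character encoding, anchored regular expressions, rejection of control characters, and a semantic check for non-textual data), as an added example that is not part of the course material or Hacme Books. It assumes Java 11 or later; the field names, patterns and sample inputs are constructed for the example.

```java
import java.text.Normalizer;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

/** Hypothetical allowlist validator for a bookstore's form fields (example code, not from the course). */
public final class InputValidator {
    // \A and \z anchor the whole string. A trailing "$" also matches before a final "\n", so a
    // find()-based check would accept "alice\n"; explicit anchors survive that kind of refactor.
    private static final Map<String, Pattern> RULES = Map.of(
        "username", Pattern.compile("\\A[a-z0-9_]{3,32}\\z"),
        "isbn",     Pattern.compile("\\A97[89][0-9]{10}\\z"),
        "quantity", Pattern.compile("\\A[1-9][0-9]{0,2}\\z"));

    private static final int MAX_LEN = 256; // bound the input before normalising: NFKC can expand it

    /** Canonicalise, then match the field's allowlist; unknown fields are rejected (deny by default). */
    public static Optional<String> validate(String field, String raw) {
        Pattern rule = RULES.get(field);
        if (rule == null || raw == null || raw.length() > MAX_LEN) return Optional.empty();
        // Canonicalise first so fullwidth digits and other compatibility forms become the ASCII the
        // regex and the business logic expect; never validate one representation and use another.
        String s = Normalizer.normalize(raw, Normalizer.Form.NFKC);
        if (s.chars().anyMatch(Character::isISOControl)) return Optional.empty(); // CR, LF, NUL, ...
        if (!rule.matcher(s).matches()) return Optional.empty();
        if (field.equals("isbn") && !isbn13ChecksumOk(s)) return Optional.empty(); // semantic check
        return Optional.of(s); // the canonical value is what the caller should use from here on
    }

    /** ISBN-13 check digit: weights 1,3,1,3,... and the total must be a multiple of 10. */
    static boolean isbn13ChecksumOk(String isbn) {
        int sum = 0;
        for (int i = 0; i < 13; i++) sum += (isbn.charAt(i) - '0') * (i % 2 == 0 ? 1 : 3);
        return sum % 10 == 0;
    }

    public static void main(String[] args) {
        String[][] samples = { // constructed inputs
            {"username", "alice_01"},
            {"username", "alice\n"},               // trailing newline
            {"username", "Alice"},                 // upper case, outside the allowlist
            {"isbn", "9780306406157"},
            {"isbn", "\uFF19\uFF17\uFF18\uFF10\uFF13\uFF10\uFF16\uFF14\uFF10\uFF16\uFF11\uFF15\uFF17"}, // fullwidth digits
            {"isbn", "9780306406158"},             // regex-valid, wrong check digit
            {"quantity", "0"},
            {"comment", "anything"},               // no rule for this field
        };
        for (String[] s : samples) {
            System.out.printf("%-8s %-16s -> %s%n", s[0], s[1].replace("\n", "\\n"), validate(s[0], s[1]));
        }
    }
}
```

The design choice worth noting is that validate() returns the canonical value rather than a boolean: code that validates the raw string and then goes on using the raw string, or that normalises after validating, is the encoding mistake the "Character Encoding and Security" topic is about. Rejecting ISO control characters at the boundary also removes the CR/LF that log-forging payloads rely on, which is the validation half of safe logging.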

Day 4 - User Management and Secure Code Review

  • User Management
  • ---Common Mistakes
  • ---Secure Password Storage
  • ---Password Reset Schemes
  • ---Password Lockout Schemes
  • ---Password Length and Complexity
  • Secure Code Review
  • ---Secure Code Review Methodology
  • ---Threat Modeling
  • ---Automated Source Code Analysis
  • ---Identifying Common Mistakes
  • ---Extended Lab (Java EE Architecture Analysis and Secure Code Review): Students perform threat modeling and code review for the Hacme Books web application to identify flaws and locate defective code, then re-engineer and implement a secure design.
 

For organizational purchases, please send us a message at salesinfo@eno.com or complete and submit this form.