Secure programming is the best defense against hackers. This multilayered, hands-on course will demonstrate live, real-time hacking methods, analyze the code deficiency that enabled each attack and, most importantly, teach how to prevent such vulnerabilities by adopting secure coding best practices in order to bulletproof your J2EE application.
The methodology of the Cycle of knowledge is as follows: Understand, Identify, Prevent. This methodology presents the student with analytical tools to develop a deeper understanding of coding vulnerabilities and to implement security countermeasures in different areas of the software development lifecycle. The hands-on labs will give the student firsthand experience of the hacker's world and of what can be done to stop an attacker. Using the sound programming techniques and best practices shown in this course, you will be able to produce high-quality code that stands up to attack.
The course covers major security principles in the Java framework, programming vulnerabilities, and specific security issues in J2EE web applications and JNLP applications.
What is authentication
Store passwords securely
Basic & Digest authentication
Form based authentication
Client side authorization
UI based security
Insecure direct object reference
ACL (Access Control List)
RBAC (Role Based ACL)
OS command injection
Data type conversion
Reflected / Stored Cross Site Scripting
XSS prevention cheat sheet
Cross Site Request Forgery (CSRF)
Anti CSRF token
File extension handling
Data Confidentiality & Integrity
Secure traffic enforcement
Java Cryptography Architecture (JCA)
Exceptions and stack trace
Default error pages
Events you should log
Events you should not log
Abuse of functionality
Members of the software development team:
- Java developers in J2EE based applications
- Designers & architects
Basic knowledge of the Java framework
Apache/Tomcat, Databases (MySQL/Oracle) & SQL language