Secure programming is the best defense against hackers. This multilayered, hands-on course will demonstrate live, real-time hacking methods, analyze the code deficiency that enabled the attack and, most importantly, teach how to prevent such vulnerabilities by adopting secure coding best practices in order to bullet-proof your J2EE application.
The methodology of the cycle of knowledge is as follows: understand, identify, prevent. This methodology gives the student analytical tools to develop a deeper understanding of coding vulnerabilities and to implement security countermeasures in different areas of the software development lifecycle. The hands-on labs will give the student firsthand experience of the hacker's world and of what can be done to stop an attacker. Using sound programming techniques and best practices shown in this course, you will be able to produce high-quality code that stands up to attack.
The course covers major security principles in the Java framework, programming vulnerabilities, and specific security issues in J2EE web applications.
What is authentication
Store passwords securely
Basic & Digest authentication
Form-based authentication
Client-side authorization
UI-based security
Insecure direct object reference
ACL (Access Control List)
RBAC (Role-based ACL)
OS command injection
Data type conversion
File extension handling
Data Confidentiality & Integrity
Secure traffic enforcement
Java Cryptography Architecture (JCA)
Application Denial of Service Vulnerabilities
Application / OS crash
File system starvation
Triggering high network bandwidth
User level DoS
Exploiting a specific vulnerability to cause DoS
Reverse engineering techniques
Jar protection – Signed jar, Sealed jar
Digitally signed applets
Secure object serialization
Exceptions and stack trace
Default error pages
Events you should log
Events you should not log
Abuse of functionality
Java developers in J2EE based applications
Designers & architects
Basic knowledge of the Java framework
Apache/Tomcat, Databases (MySQL/Oracle) & SQL language