Secure Coding for Java Developers
This two-day course uses a combination of theory, practical examples, and hands-on training. It is designed to show Web application developers:
– The dangers of insecure coding practices
– Specific ways their code can be exploited
– How to write code to avoid introducing vulnerabilities
This highly practical, interactive course focuses on secure coding techniques and methodologies that can be immediately applied in your applications. The class walks through real code samples in live, feature-rich applications and shows how to hunt down, debug, and mitigate these flaws through better coding practices.
Benefits
– Learn how hackers attack Web applications
– Discover how these attacks work
– See what coding mistakes make you vulnerable
– Learn how to make your code secure
Who Should Attend
– Java developers, architects, QA staff
Duration
Available as a two-day workshop
Prerequisites
– Must understand Java programming
– Familiarity with Web application development (HTML, servlets, JSP) is required
– Comfort with any major Java IDE (NetBeans, IntelliJ, Eclipse, etc.) is required
– Familiarity with Tomcat, or a comparable servlet container, is required
– Familiarity with the Java command-line interface is required
– Familiarity with encryption and SSL is helpful, but not required
Structure
A combination of theory, practical examples, and hands-on training.
Contact
WhiteHat Security also offers on-site education sessions for groups of 20 or more. Public courses are also available to individuals in cities across the country. To find out more about WhiteHat Education Services course curriculum, contact our corporate office at 408.343.8300.
Defining the Attacks
Inherent Problems and Limitations of Internet Architecture
– HTTP request/response flow
– Session management
– Cookies
– Encoding/Decoding URLs, character sets, and HTML entities
Looking at Vulnerabilities in Java Code
– How people exploit Web applications
– Why you can never trust anything that comes from the client
Components of Writing Secure Code
The following modules cover seven core areas of concern for writing secure Java code for Web applications:
– Input handling
– Authentication and session management
– Access control/authorization
– Exception handling and logging
– Encryption
– General Java mechanics
– Bypassing business logic flow
For each of these areas, the course will cover:
– Theory and basics
– Recommended security practices
– “Gotchas” and implementation concerns
– Example exploits
– Hands-on exercises, where the students will find, exploit, debug, and fix security flaws in Java code