IT Training

Java Web Security

This training provides the skills necessary to develop secure web applications in Java. It teaches developers common security vulnerabilities (OWASP Top Ten) in Java web applications and the best practices to write secure code. The training covers the security testing practices to put into place in order to detect flaws, fix them and strengthen the security of the application as whole.

Who should attend this course?

Java Developers, Java Application Architects, Java EE Application Server administrators, IT Security managers

Prerequisites

Participants should be comfortable with Java language, syntax and object-oriented application development. They should be familiar with Java 8+.

They should be familiar with Java Web development.

This training provides the skills necessary to develop secure web applications in Java. It teaches developers common security vulnerabilities (OWASP Top Ten) in Java web applications and the best practices to write secure code. The training covers the security testing practices to put into place in order to detect flaws, fix them and strengthen the security of the application as whole.

Concerns for Web Applications

  •  Threats and Attack Vectors
  •  Secure Design Principles
  •  Container Authentication and Authorization
  •  HTML Forms
  •  Privacy Under /WEB-INF
  •  HTTP and HTTPS
  • Top ten OWASP Vulnerabilities

Authentication and Authorization using JAAS

  • Declaring Security Constraints
  • User Accounts and Roles
  • Protecting Credentials in Transit
  • Authorization Over URL Patterns
  • FORM Authentication
  • Session Fixation
  • Programmatic Security

Protecting against Common Web Attacks

  • Injection Attacks
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Predictable Resource Locations
  • Protections in JDBC and JPA
  • Session Management
  • Taking Care of Cookies

Implementing OAuth2 and OpenID Connect

  • Understanding Delegation and its benefits
  • Introducing claims based security
  • Understanding tokens and their representation on the net
  • Introducing OAuth 2
  • OAuth 2 flows
  • OpenID Connect: Adding sign-in to OAuth2

Auditing Security

  • Static code analysis
  • Passive vs. active scanning
  • Automated scans with OAWSP Zap
  • Auditing authentication, session and access control
  • Fuzzing
  • Discovering logic flaws
  • Reporting

Practical information

Duration

3 Days

Languages

EN

Price

€1450,00 + 21% VAT

Location

Classroom/Online Courses

Schedule

Guaranteed to run

English courses
09/2 - 10/2 - 11/2Book
18/5 - 19/5 - 20/5Book
19/10 - 20/10 - 21/10Book
14/12 - 15/12 - 16/12Book

Share this course on

Book your training

Enter your information to confirm your booking.

    Prerequisite test

    Looking for a tailor made solution?