

About Ben Evans

Ben is the author of four well-known O’Reilly books: The Well-Grounded Java Developer, Java: The Legend, the new edition of Java in a Nutshell and the recently released Optimizing Java. Ben is a regular speaker and educator on topics such as the Java platform, systems architecture, security, performance and concurrency at companies and conferences all over the world. He helps run the London Java Community, and represents the user community on Java’s governing body, the JCP Executive Committee. He is a Java Champion and 3-time JavaOne Rock Star Speaker.


Course Description


Ben presents this up-to-date overview of Security in a Development environment. He integrates some labs as part of this session, so participants are required to bring a laptop.



Duration: 1 Day


Target Audience

Developers, Architects and Development Managers


Course Prerequisites

No specific requirements. 1-2 years of development experience (ideally in Java or .NET) is a significant advantage.


Course Content

– Assets and Data
– Intellectual Property and Secrets
– Physical Assets
– Asset Classification and Replaceability

Risks and Threats
– Top Data Breaches
– Risks
– Key components of a Risk
– Top Sectors for Attacks

Security Primer
– Risks & Threat Glossary
– Encryption Glossary
– Cryptography Glossary
– Hashing
– Digital Signature
– Breaking a cryptographic system

Four Case Studies
– SWIFT Messaging
– Bitcoin & Ransomware
– Sony Pictures
– Stuxnet

Security Basics
– Infrastructure Attacks
– Why Use Risk Metrics?
– Cognitive Biases
– Attack Types
– Operational Security (OpSec)
– The Rugged Manifesto

Security in the Enterprise
– Legal aspects and related definitions
– Understanding Technical and Operational Risk
– Complexity of Enterprise Environment
– Legacy, Lifetime and “Crossing the Chasm”
– Complex Threat Landscape
– Vendor Risk

Application Security Architecture
– Separation of concerns
– Authentication and Authorisation
– Entitlement systems
– Defence in Depth
– Static Analysis Techniques
– OWASP project

Web Security
– What’s Good About the Web?
– What’s Bad About the Web?
– JavaScript is Really Evil
– SQL Injection
– Introduction to TLS
– TLS proxying

Case Studies
– HMRC Web Rebate
– Heartbleed
– Shellshock
– Mobile Security

The Future of the Web
– HTTP and HTTP/2
– Future Web Architecture

