Target Audience: JAVA / WEB Developers
The training targets experienced Java developers who use the Java platform and Java-related technologies to develop web or desktop applications. Aligned to this, it tackles general web-related security issues –including both server-and client-side vulnerabilities –in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The Java and Web Application Security Mastercourse training course also introduces the basic security solutions provided by the Java language and the runtime environment, including the different security-related services of the Java Enterprise Edition, Spring, Hibernate and many others. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java, Java EE, Spring and the latest web-and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.
What the attendee will learn:
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn about XML security
- Learn client-side vulnerabilities and secure coding practices
- Have a practical understanding of cryptography
- Learn to use various security features of the Java development environment
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Understand security concepts of Web services
- Learn about JSON security
- Learn about Hibernate security
- Understand security solutions of Java EE
- Learn about JSF and PrimeFaces security
- Learn about Spring security
- Learn about denial of service attacks and protections
- Get practical knowledge in using security testing techniques and tools
- Get sources and further readings on secure coding practices