1-877-WEBUCATE
(1-877-932-8228)
info@webucator.com
 
Microsoft Training
Java Training
XML Training
Database & SQL Training
PHP, Perl, ASP, Groovy, Grails, Ruby on Rails Training
HTML, JavaScript, Ajax & CSS Training
Adobe Training
◊ PRIVATE CORE JAVA TRAINING


Need a private class for your team delivered at your site or a location near you?
For private groups of three or more, Webucator offers completely customizable and cost-effective Core Java classes delivered at your offices or a location near you.

To have someone contact you about these classes, please fill out the form below.

* (Required)
* (Required)
* (Required)
* (Required)
* (Required)
(The number of people requiring training)
(For Federal Government Pricing)
* (Required)

Java Security Training (3 days)

This Core Java class is delivered for private groups onsite at your offices or a location of your choice. It can also be delivered via the Internet for geographically distributed staff.

Click here for our public Core Java classes

Java Development for Secure Systems Course Overview

This course exposes students to the broad range of challenges and techniques that is "Java security." Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that students will be exposed to SE basics such as access controller, permissions, and policies; and also traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform.

The course emphasizes hands-on exercise, and students will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible - students begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc.

This version of the course targets Java SE 6 and Java EE 5, but it is largely applicable to Java SE 5 and J2EE 1.4 as well, and groups looking for Java training who know they'll be using those earlier platforms are encouraged to use this course. For training within the J2SE 1.4 environment, please see version 1.4 of this course.)

Trademarks used: Java® |

Java Development for Secure Systems Course Goals

  • Design and implement security policies for Java applications, servers, and components.
  • Manage keys and certificates for a Java application, and sign code sources as necessary.
  • Practice secure design and coding, and balance usability with security in UI and API.
  • Sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE.
  • Incorporate JAAS authentication into an application.
  • Implement a JAAS LoginModule to connect to your own application data.
  • Secure Java EE applications by URL and role, and integrate JAAS authentication.
  • Avoid common pitfalls of Java web applications, including SQL injection and cross-site-scripting attacks.

Java Development for Secure Systems Course Prerequisites

Experience in the following areas is required:

  • Solid Java programming experience is assumed - both structured and object-oriented techniques.
  • Some knowledge of Java EE architecture and development is also recommended, though extensive practical experience with Java EE development is not necessary. Our

Java Development for Secure Systems Course Outline

  1. Java SE Security
    1. Holistic Security Practices
    2. Threats to the User
    3. The Class Loader and Bytecode Verifier
    4. System Classes and the Core API
    5. SecurityManager and AccessController
    6. Permissions
    7. Implication
    8. CodeSources
    9. Policies
    10. Configuring Java SE Security
    11. Dynamic Policies
    12. Privileged Actions
  2. Code Signature and Key Management
    1. Encryption and Digital Signature
    2. Keystores
    3. Keys and Certificates
    4. Certificate Authorities
    5. The KeyStore API
    6. Signing JARs
    7. Signed CodeSources
    8. Additional Policy Semantics
  3. Secure Development Practices: Java SE
    1. Code Injection
    2. Final Classes and Methods
    3. Singletons, Factories, and Flyweights
    4. Methods, Collections, and Data Hiding
    5. Sealing JARs
    6. Code Obfuscation
    7. Object Serialization
  4. Cryptography
    1. Threats to Identity and Privacy
    2. The Java Cryptography Extensions
    3. The Signature Class
    4. SignedObjects
    5. The Java Cryptography Extensions
    6. SecretKeys and KeyGenerator
    7. The Cipher Class
    8. Dangerous Practices
    9. HTTP and JSSE
  5. JAAS
    1. Pluggable Authentication Logic
    2. JAAS
    3. Packages and Interfaces
    4. Subjects and Principals
    5. ANDs and ORs
    6. Impersonation Methods
    7. Permissions for JAAS Use
    8. LoginContext and LoginModule
    9. Configuring JAAS
    10. CallbackHandler and Callbacks
    11. Implementing a JAAS Client
    12. Implementing a LoginModule
  6. Java EE Security
    1. Java EE Servers as Code Hosts
    2. Tomcat Security Configuration
    3. Declaring Roles
    4. Securing URLs
    5. HTTP Authentication Schemes
    6. Securing EJBs
    7. Programmatic Security
    8. JAAS in Java EE
    9. Realms and LoginModules
    10. JAAS in Tomcat
    11. JACC
    12. Certifying a Java EE Application
    13. HTTPS Configuration
  7. Secure Development Practices: Java EE
    1. Presentation-Tier Vulnerabilities
    2. User Accounts
    3. MVC and Security
    4. Validating User Input
    5. SQL Injection
    6. Cross-Site Scripting
    7. Reflected XSS
    8. Defeating XSS
    9. OWASP
    10. Penetration Testing
    11. Error Handling and Information Leakage
    12. Logging and Auditing

Java Development for Secure Systems Course Materials

In addition to a comprehensive set of materials, including course notes and all the programming examples, each student will also receive a one-year subscription to Webucator's online reference library, which contains hundreds of the most current electronic technology books - a $149.95 per student value.

Java Development for Secure Systems Course Technical Requirements and Setup Instructions

Click here for technical requirements and setup instructions

Java® and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
home - onsite classes - instructor-led online courses - self-paced online courses - why webucator - partners - contact - sitemap
© 2009 Webucator. All rights reserved. info@webucator.com | Toll Free: 877-WEBUCATE (877-932-8228) | From Outside the USA: 315-849-2724 | Fax: 315-410-5320
Phoenix, AZ | Santa Clara, CA | Santa Clara, CA | Los Angeles, CA | Sacramento, CA | Washington, DC | Atlanta, GA | Chicago, IL | Indianapolis, IN | Muncie, IN
New Orleans, LA Boston, MA | Cambridge, MA | Charlestown, MA | Framingham, MA | Ipswich, MA | Lincoln, MA | Wellesley, MA | Worcester, MA | Bangor, ME | Detroit, MI
Raleigh, NC Winston-Salem, NC | Lincoln, NE | East Hanover, NJ | Eatontown, NJ | Madison, NJ | Parsippany, NJ | Trenton, NJ | Albany, NY | Buffalo, NY | Rochester, NY
New York City, NY | Syracuse, NY | West Babylon, NY | Dayton, OH | Bethlehem, PA | Philadelphia, PA | Pittsburgh, PA | Pittsburgh, PA | State College, PA
Middletown, RI | Rapid City, SD | Austin, TX | Dallas, TX | Houston, TX | Arlington, VA | McLean, VA | Seattle, WA | Toronto, Canada | Ottawa, Canada | Calgary, CA