Course Outline
IT Security & Secure Coding Foundations
- Understanding the CIA triad: Confidentiality, Integrity, and Availability as core security principles
- Common vulnerabilities and attacks across languages/platforms (SQLi, XSS, CSRF, SSRF, etc.)
- The role of a secure SDLC in code-level threat prevention, detection, and mitigation strategies
Web Application Security in Java Context
- OWASP Top Ten: Aligning industry standards with common Java flaws
- Injection mitigation: Prepared statement usage, ORM layers, and parameterized queries
- Authentication vulnerabilities (broken session management, XSS as a session-theft vector) and remediation patterns
- Input validation for robustness against directory traversal and path manipulation attacks
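As an added illustration of the injection and path-manipulation items above (this is not a course lab or the course author's code), the program below contrasts a concatenated SQL string with a PreparedStatement and adds a canonicalisation check against directory traversal. The H2 in-memory database, its JDBC URL and the two-row users table are constructed for the demo and assumed to be on the classpath.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class InjectionAndTraversalDemo {

    // VULNERABLE: the username is spliced into the SQL text, so the input
    //   x' OR '1'='1
    // changes the structure of the query rather than just a value in it.
    static List<String> findUserUnsafe(Connection c, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + username + "'";
        List<String> out = new ArrayList<>();
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) out.add(rs.getString(1));
        }
        return out;
    }

    // SAFE: the query text is fixed; the driver binds the value separately,
    // so whatever the user typed can only ever be compared as data.
    static List<String> findUserSafe(Connection c, String username) throws SQLException {
        List<String> out = new ArrayList<>();
        try (PreparedStatement ps = c.prepareStatement("SELECT email FROM users WHERE name = ?")) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) out.add(rs.getString(1));
            }
        }
        return out;
    }

    // Path-traversal guard: resolve against the base, normalise away ".."
    // segments, then insist the result is still inside the base directory.
    static Path safeResolve(Path baseDir, String userSupplied) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(userSupplied).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + userSupplied);
        }
        return target;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo data in an H2 in-memory database (driver assumed on the classpath).
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE users(name VARCHAR(64), email VARCHAR(128))");
                st.execute("INSERT INTO users VALUES ('alice','alice@example.com'),('bob','bob@example.com')");
            }
            String attack = "x' OR '1'='1";
            System.out.println("unsafe: " + findUserUnsafe(c, attack)); // leaks every row
            System.out.println("safe:   " + findUserSafe(c, attack));   // empty: no user has that literal name
        }

        Path uploads = Files.createTempDirectory("uploads");
        System.out.println(safeResolve(uploads, "report.pdf"));
        try {
            safeResolve(uploads, "../../etc/passwd");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same rule carries over to ORM layers: JPQL and HQL accept named or positional parameters, and only string-built queries reintroduce the flaw. The traversal check deliberately compares canonical paths rather than searching the input for "..", because encodings and symlinks defeat substring filters.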
Foundations of Java Security & Cryptography Deep Dive
- Core cryptography concepts: symmetric vs. asymmetric encryption, hashing algorithms, digital signatures
- Secure communication protocols: TLS/SSL setup best practices in Java applications (HTTPS)
- Practical lab: Configuring secure connections between web server and backend services using SSL/TLS
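As an added example for the TLS items above (it is not the course lab or the course author's code), this client trusts only a truststore the application controls, pins the protocol versions, and keeps hostname verification on. The truststore path, its password and the target URL are command-line arguments and are assumptions for the demo; with no arguments the program only prints the parameters it would negotiate, so it can be run offline.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.time.Duration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public class HardenedTlsClient {

    // Build an SSLContext that trusts only the CAs in our own PKCS12 truststore
    // (an assumed file we control), not whatever happens to be in the JDK cacerts.
    static SSLContext contextFor(Path truststore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(truststore)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client certificate, default SecureRandom
        return ctx;
    }

    // Pin the protocol versions and state hostname verification explicitly.
    // (HttpClient enables "HTTPS" endpoint identification by default; making it
    // visible here stops a later edit from silently relying on that default.)
    static SSLParameters hardenedParameters() {
        SSLParameters p = new SSLParameters();
        p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        p.setEndpointIdentificationAlgorithm("HTTPS");
        return p;
    }

    static HttpClient client(SSLContext ctx) {
        return HttpClient.newBuilder()
                .sslContext(ctx)
                .sslParameters(hardenedParameters())
                .followRedirects(HttpClient.Redirect.NEVER)   // no silent downgrade to an http:// target
                .connectTimeout(Duration.ofSeconds(5))
                .build();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            // Offline run: show what would be negotiated.
            SSLParameters p = hardenedParameters();
            System.out.println("protocols:   " + String.join(",", p.getProtocols()));
            System.out.println("endpoint id: " + p.getEndpointIdentificationAlgorithm());
            return;
        }
        // args: <truststore.p12> <password> <https-url>   (all assumed for the demo)
        SSLContext ctx = contextFor(Path.of(args[0]), args[1].toCharArray());
        HttpResponse<String> resp = client(ctx).send(
                HttpRequest.newBuilder(URI.create(args[2])).GET().build(),
                HttpResponse.BodyHandlers.ofString());
        System.out.println("status " + resp.statusCode() + " via " + resp.version());
    }
}
```

The anti-pattern this replaces is the all-accepting X509TrustManager (every checkServerTrusted body empty) and a HostnameVerifier that returns true, both of which turn TLS into unauthenticated encryption. The same SSLContext can be handed to a server-side SSLServerSocketFactory when the backend service is the one terminating TLS.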
Java Security Services & Enterprise Security Features
- Using the built-in security API to implement strong authentication (JAAS, KeyStore, CertPath, SecureRandom)
- Managing user sessions with minimal risk of hijacking or fixation
- Lab: Implementing secure session management patterns and mitigating session cookie theft risks
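As an added example of the session-management patterns above (not the course lab or the course author's code), the servlet below rotates the session ID at login to defeat fixation, uses SecureRandom for a per-session CSRF token, invalidates server-side state on logout, and hardens the session cookie's flags. It assumes the Jakarta Servlet API (package jakarta.servlet, Servlet 6.0 for SessionCookieConfig.setAttribute); the credential check is a stand-in for the application's real password-hash comparison.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
import jakarta.servlet.ServletException;
import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.annotation.WebListener;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    private static final SecureRandom RNG = new SecureRandom();   // CSPRNG, never java.util.Random

    // Stand-in for the real credential check (assumed: a salted, slow password-hash comparison).
    private boolean credentialsValid(String user, String password) {
        return "alice".equals(user) && "correct horse".equals(password);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!credentialsValid(req.getParameter("user"), req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Session fixation defence: an ID the attacker may have planted before
        // authentication must not survive it. changeSessionId() (Servlet 3.1+)
        // keeps attributes but issues a fresh identifier.
        req.changeSessionId();
        HttpSession session = req.getSession(true);
        session.setAttribute("user", req.getParameter("user"));
        session.setMaxInactiveInterval(15 * 60);   // idle timeout, seconds

        // Per-session anti-CSRF token: unpredictable, stored server-side, echoed in forms.
        byte[] token = new byte[32];
        RNG.nextBytes(token);
        session.setAttribute("csrf", Base64.getUrlEncoder().withoutPadding().encodeToString(token));

        resp.sendRedirect(req.getContextPath() + "/home");
    }

    // Logout must invalidate server-side state; clearing the cookie alone leaves the session live.
    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession s = req.getSession(false);
        if (s != null) s.invalidate();
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    // Cookie flags that limit what a stolen or exposed cookie is worth.
    // The same settings can live in web.xml under <session-config><cookie-config>.
    @WebListener
    public static class SessionCookieHardening implements ServletContextListener {
        @Override
        public void contextInitialized(ServletContextEvent sce) {
            SessionCookieConfig cfg = sce.getServletContext().getSessionCookieConfig();
            cfg.setHttpOnly(true);                    // unreadable from script: blunts XSS-driven theft
            cfg.setSecure(true);                      // never sent over plain HTTP
            cfg.setAttribute("SameSite", "Strict");   // Servlet 6.0 API; older containers set it in config
        }
    }
}
```

The CSRF token is checked by comparing the form value against the session attribute with MessageDigest.isEqual on the two byte arrays, so a mismatch does not leak timing information; the comparison belongs in a filter in front of every state-changing handler.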
Common Coding Errors & Vulnerabilities in Java
- Recognizing insecure coding patterns behind class-loading and deserialization vulnerabilities (untrusted ObjectInputStream input, unsafe JAR/ZIP extraction) and the CVEs they have produced
- Preventing attacker-controlled class or method names from reaching reflection (Class.forName, Method.invoke) and turning into arbitrary code execution under elevated privileges
- Understanding the impact of vulnerable or misconfigured logging frameworks and of logging untrusted input unsanitized, and mitigating the risk through patched versions, secure handlers, and appropriate logging levels
- Hands-on lab: Refactoring insecure Java code samples into secure patterns (FindSecurityBugs refactoring exercise)
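As an added example for the deserialization item above (not the course lab or the course author's code), the program below applies a JEP 290 ObjectInputFilter allow-list so that only the one expected type is ever instantiated from an untrusted stream. The Order class and the "unexpected" payload are constructed for the demo; a HashMap stands in for attacker-chosen bytes, since the point is that any class outside the allow-list is refused before its readObject runs.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationFilterDemo {

    // The one type this endpoint is supposed to receive (constructed for the demo).
    public static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sku;
        final int qty;
        Order(String sku, int qty) { this.sku = sku; this.qty = qty; }
        @Override public String toString() { return sku + " x" + qty; }
    }

    // JEP 290 filter pattern: allow String and Order, deny everything else ("!*"),
    // and cap nesting depth and stream size so malformed input cannot exhaust the JVM.
    static final ObjectInputFilter ORDER_ONLY = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxbytes=4096;java.lang.String;" + Order.class.getName() + ";!*");

    static byte[] serialize(Object o) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // UNSAFE: instantiates any Serializable class on the classpath, which is where gadget chains live.
    static Object readUnfiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // SAFE: same stream, but every class is vetted against the allow-list before it is resolved.
    static Object readFiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ORDER_ONLY);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new Order("SKU-123", 2));
        // Stand-in for attacker-controlled bytes: a perfectly ordinary class that is
        // simply not one the endpoint should ever accept.
        byte[] unexpected = serialize(new java.util.HashMap<String, String>());

        System.out.println("filtered, expected type:     " + readFiltered(good));
        System.out.println("unfiltered, unexpected type: " + readUnfiltered(unexpected).getClass().getName());
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filter rejected: " + e.getMessage());
        }
    }
}
```

A process-wide default can be set with the jdk.serialFilter system property, but a per-stream filter as above is the right granularity when different endpoints accept different types. The larger lesson of the section still applies: if the data does not need Java object semantics, use JSON or another data-only format and keep ObjectInputStream out of the request path entirely.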
Cryptography in Practice & Modern Secure Coding Patterns
- Practical encryption: designing secure key management, protecting sensitive data in transit and at rest
- Hashing and key derivation: plain digests for file content validation and digital signing workflows; salted, deliberately slow KDFs (PBKDF2, bcrypt, scrypt, Argon2) for password storage, never a bare SHA-256
- Lab: Implementing SHA-256 for content integrity checks and a salted, iterated password hash (PBKDF2WithHmacSHA256) for credential storage, then validating stored hashes against user input in constant time
Advanced Secure Coding & Threat Modeling
- Static code analysis integration into CI/CD pipelines using FindSecurityBugs in Maven/Gradle
- Identifying risk early in the design phase through threat modeling workshops
- Workshop: Applying threat modeling to a sample Java application, prioritizing risks, and implementing secure coding practices
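One way to wire the static-analysis item above into a Maven build, as an added example rather than the course's own material: the SpotBugs Maven plugin loads the Find Security Bugs detectors as a SpotBugs plugin and its check goal fails the build at the verify phase when findings exceed the threshold. The version numbers are assumptions; pin whichever releases the team has audited.

```xml
<!-- pom.xml fragment: Find Security Bugs on every `mvn verify`, failing the build on findings -->
<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>4.8.3.1</version>   <!-- assumed version -->
      <configuration>
        <effort>Max</effort>
        <threshold>Low</threshold>
        <failOnError>true</failOnError>
        <!-- Load the security detectors as a SpotBugs plugin -->
        <plugins>
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <version>1.12.0</version>   <!-- assumed version -->
          </plugin>
        </plugins>
      </configuration>
      <executions>
        <execution>
          <id>security-scan</id>
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Start with threshold High and a short exclude filter file while the backlog is triaged, then tighten; a gate that fails on day one for hundreds of legacy findings gets disabled rather than fixed.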
Capstone Project & Secure Coding Roadmap
- Participants select a real-world Java project (web application, microservice, or library)
- Analyzing the codebase for OWASP Top Ten vulnerabilities (injection, broken authentication, SSRF, etc.)
- Refactoring insecure code into best practice patterns and implementing secure service configurations
- Documenting the process, challenges encountered, and new learning outcomes with peer review and facilitator feedback
Open Q&A, Resources Distribution & Final Review
- Open discussion forum to address common secure coding questions, clarify advanced concepts, and share real-world experiences
- Curated resource library: OWASP Java Secure Coding Top Ten CheatSheet, FindSecurityBugs refactoring guide, and recommended secure coding libraries
- Course close and post-training support for applying new skills in ongoing projects
Requirements
- Basic computer skills for operating a modern laptop/desktop OS and standard office productivity tools (word processors, spreadsheets)
- No prior Java programming or security experience is required; a foundational understanding of object-oriented concepts and standard web development workflows is encouraged
- Willingness to engage in hands-on exercises, quizzes, and real-world case study analysis for skill application practice
Testimonials (5)
The patience with which he addressed the questions that arose
Carlos Ceballos - Banco de Mexico
Course - Spring Boot, React, and Redux
Machine Translated
Experience sharing; it's the teacher's know-how and it's valuable.
Carey Fan - Logitech
Course - C/C++ Secure Coding
Excellent topic, use cases, and examples to visualize the delivered material
Gionathan Rodriguez - CENTRO NETEC SPA
Course - Building Microservices with Spring Boot, Docker, and Kubernetes
Machine Translated
That we got a complex overview also about the context - for example why we need some annotations and what they mean. I liked the practical part of the training - having to manually run the commands and call the REST APIs
Alina - ACCENTURE SERVICES S.R.L
Course - Quarkus for Developers
The extra information that was shared; the training was not straightforward Groovy, which was nice.