Secure Coding For Java Developers (June 2023 - 3 days)

Where: Online, Virtual, UNITED STATES
This event can also be attended online.

Course Dates: June 20 - 22, 2023 (3 days)
Course Fee: $1,995 U.S.

In the Secure Coding for Java Developers course, students become familiar with security principles, in particular the concepts that are relevant for Java programmers. This course takes students through the security issues intrinsic to the Java programming language and its associated libraries. The course consists of two parts: a theoretical, lecture-based part providing the basics of topics such as security in general, cryptography, authentication & authorization, injection attacks and secure coding, and a hands-on practical part. After this course, participants will be able to develop robust and secure Java applications.

The theoretical part covers the following areas:

Introduction to Cyber Security

  • Cyber attacks
  • Types of attacks
  • Cyber security 101

Introduction to Cryptography

  • Encryption
  • Hashing
  • Signatures
  • Public-Key infrastructures
  • SSL / TLS

Introduction to Authentication and Authorization

  • Authorization concepts in general
  • Session management
  • Password handling and management
  • Multi-factor authentication

Injection Attacks

  • SQL injection
  • Command injection
  • LDAP injection
  • Cross-site scripting (XSS)

Introduction to Secure Coding and Motivation

  • History and security incidents in the past
  • Common pitfalls
  • Software dependencies
  • etc.

Secure Coding Best Practices in Java

  • Security best practices
  • Proper usage of types
  • Encapsulation
  • Code signing
  • Input data sanitization
  • Logging
  • Concurrency / multithreading
  • Exception handling
  • Data serialization and deserialization
  • Security libraries and frameworks

API Security Considerations

  • Security best practices
  • GraphQL

Wrap Up

  • Code reviews
  • Static code analysis
  • Dynamic code analysis / testing
  • Secure software development process

About the Labs for this Course

The practical part of this course will deepen the knowledge of the attendees and consists of multiple hands-on exercises that let them strengthen and practice the theoretical skills that were learned:

  • Vulnerability discovery and exploitation: This part of the course relates to the identification and exploitation of an actual vulnerability within a vulnerable backend application written in Java. CODE Training created a vulnerable application to demonstrate common security errors and remediation as part of the hands-on exercises for this course.
  • Remediation and mitigation: The hands-on labs require the attendees to apply the knowledge from this course to remediate the vulnerabilities within the backend application.