Overview
Description
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get sources and further readings on secure coding practices
Audience
Developers
Course Outline
- IT security and secure coding
- Web application security
- Foundations of Java security
- Practical cryptography
- Java security services
- Common coding errors and vulnerabilities
- Knowledge sources