Secure Coding for Java Developers
Duration: Two days
Structure: A combination of theory, practical examples, and hands-on training
Max. Class Size: 20 students
Course Summary ::
This two-day course is designed to show Web application developers the dangers of insecure coding practices, specific ways their code can be exploited, and how to write code to avoid introducing vulnerabilities. This highly practical, interactive course will focus on secure coding techniques and methodologies that can be immediately applied in your applications. The class uses real-world examples, walking through real code samples, using live, feature-rich applications, and showing how to hunt down, debug, and mitigate these flaws with better coding practices.
Who Should Attend ::
– Java developers, architects, QA staff
Prerequisites ::
– Must understand Java programming.
– Familiarity with Web application development (HTML, servlets, JSP) is required
– Comfort with any major Java IDE (NetBeans, IntelliJ, Eclipse, etc.) is required
– Familiarity with Tomcat, or another comparable servlet container, is required
– Familiarity with the Java command-line interface is required
– Familiarity with encryption and SSL is helpful but not required
Student Materials ::
WhiteHat will provide the following:
– A CD of tools and reference material
– Access to a fully-featured sample Web application for hands-on practical exercises
– Written course material
– A certificate of completion
Attendees should bring:
– A laptop running Windows that can access the Internet, on which the student has sufficient privileges to install software
– Firefox version 2 or higher, and Internet Explorer version 7 or higher installed.
– Current version of Adobe Acrobat Reader installed
– A Java IDE, preferably Eclipse/NetBeans, installed
– Tomcat 5.5+ and JRE 1.5+ installed
Benefits ::
This course will teach you:
– How Web applications are attacked by hackers
– How these attacks work
– What coding mistakes make you vulnerable to these attacks
– How to make your code secure
Course Details ::
I. Defining the Attacks
II. Inherent Problems and Limitations of Internet Architecture
– HTTP request/response flow
– Session management
– Cookies
– Encoding/Decoding URLs, character sets, and HTML entities
III. Looking at Vulnerabilities in Java Code
– How people exploit Web applications
– Why you can never trust anything that comes from the client
IV. Components of Writing Secure Code
The following modules cover seven core areas of concern for writing secure Java code for Web applications:
– Input handling
– Authentication and session management
– Access control/authorization
– Exception handling and logging
– Encryption
– General Java mechanics
– Bypassing business logic flow
For each of these areas, the course will cover:
– Theory and basics
– Recommended security practices
– Gotchas and implementation concerns
– Example exploits
– Hands-on exercises, where the students will find, exploit, debug, and fix security flaws in Java code

Sign Up For a Corporate Class :: Send an email to Education Services. Please include your: name, company name, phone number, the number of students, and which course(s) you are interested in.
Sign Up For a Public Class :: If you are interested in attending a public class, contact Education Services. Let us know where you are located, and we will get back to you with information on classes near you.