Secure coding in Java

Korte beschrijving

Learn to write secure Java code and protect your applications from security threats.

Inhoud

Secure coding in Java is all about writing Java code that is free from the most common security risks. In application development, security requirements play a crucial role in all parts of the process. Some of these requirements must be handled by Java developers. It is therefore important to identify those components that may pose a higher risk and mitigate these risks using proven solutions (i.e., from the OWASP site). By the end of this course, participants will be able to identify code components that may be subject to security weaknesses, mitigate security risks using proven solutions, and build a Java web application that is protected against most common security threats.


Mastering secure coding in Java goes beyond the realm of just writing code. It’s about gaining a comprehensive understanding of the security landscape and leveraging tried-and-tested solutions to counteract risks. Our trainers, with their practical experience, bring theoretical concepts to life, offering insights from the real world and sharing best practices. This blend of theory and practice enriches the learning experience, making it more impactful and relevant.

Doelgroep

• Java Developers: Enhance your coding skills and learn to write secure code.
• Application Security Analysts: Understand the common security risks in Java applications and how to mitigate them.
• Security Architects: Learn about secure coding practices in Java and how to incorporate them into your security architecture.
• IT Managers: Understand the importance of secure coding in Java and how it impacts your IT operations.
• Software Testers: Learn about the common security risks in Java applications and how to test for them.

Voorvereisten

Participants should have a basic understanding of Java programming and web application development. Familiarity with security concepts would be beneficial but is not mandatory.

Doelstelling

Knowledge and Understanding:
Application and Analysis:
Synthesis and Evaluation:
Implementation and Creation:

• You can implement basic authentication and form-based authentication.
• You comprehend the concept of OAuth 2 and can implement it.
• You understand CSRF (Cross-Site Request Forgery) tokens and can implement their use.
• You grasp the concept of an IDP (Identity Provider) and a JWT (JSON Web Token) and can implement a JWT.
• You recognize the importance of logging security-related events.
• Remember to bring your own laptop and be prepared to install software for this training.
• You grasp the necessity of GDPR (General Data Protection Regulation) and can identify GDPR-sensitive data.
• You can use the OWASP site to identify security issues and risks, and you understand the top 10 vulnerabilities listed there.
• You can explain injection attacks and how to sanitize user input.
• You understand XSS (cross-site scripting) attacks and XXE (XML external entity) attacks.
• You can explain the concept of RSA encryption and understand how SSL is used.
• You comprehend certificates in SSL, particularly their role in website identification and content signing.
• You can generate a self-signed certificate.
• You understand the concept of hashing, the difference between hashing and encryption, and can implement these concepts.
• You can explain the benefits of security and understand why using SSD is essential.
• You can elaborate on why companies need to comply with security standards and apply them in practice.