Java Development for Secure Systems Version 6.0 Courses and other IT courses from TEKsystems Education Services

Note: All fields are required

First Name:

Last Name:

Company:

Title:

Email Address:

Phone Number:

Address:

City:

State:

Zip Code:

Which Topic(s) Currently Interests Your Organization:

Tell Us More:

I have an immediate training or educational service need and I wish to be contacted today

I am a current TEKsystems Education Services client and wish to speak to someone

I have a training budget approved and I am ready to talk to someone about the details of my organization’s training need

I do not have an approved training budget, but I have a need and would like to talk to TEKsystems Education Services about their solutions

Unfortunately, I do not have a group training request

At the present time we do not offer training for individuals or groups less then 6 individuals. We apologize for any inconvenience.

My Delivery Method Needed Is:

Instructor-Led Classroom Training

Instructor-Led Virtual Training

Self-Paced Online Training

Code Number:

We Value Your Privacy!

Course Code:	IN 776
Course Abstract:	This course exposes attendees to the broad range of challenges and techniques that is "Java security." Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that participants will be exposed to SE basics such as access controller, permissions, and policies; and traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform. The course emphasizes hands-on exercise, and participants will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible - attendees begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc. This version of the course targets Java SE 6 and Java EE 5, but it is largely applicable to Java SE 5 and J2EE 1.4 as well, and groups looking for Java training who know they'll be using those earlier platforms are encouraged to use this course.
Audience:	This course is designed for individuals who are Java developers.
Duration:	3 days
Learning Outcomes:	Upon completion of this course, the participant will be able to: > Design and implement security policies for Java applications, servers, and components. > Manage keys and certificates for a Java application, and sign code sources as necessary. > Practice secure design and coding, and balance usability with security in UI and API. > Sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE. > Incorporate JAAS authentication into an application. > Implement a JAAS LoginModule to connect to your own application data. > Secure Java EE applications by URL and role, and integrate JAAS authentication. > Avoid common pitfalls of Java web applications, including SQL injection and cross-site-scripting attacks.
Course Topics:	Chapter 1. Java SE Security Holistic Security Practices Threats to the User The Class Loader and Bytecode Verifier System Classes and the Core API SecurityManager and AccessController Permissions Implication CodeSources Policies Configuring Java SE Security Dynamic Policies Privileged Actions Chapter 2. Code Signature and Key Management Encryption and Digital Signature Keystores Keys and Certificates Certificate Authorities The KeyStore API Signing JARs Signed CodeSources Additional Policy Semantics Chapter 3. Secure Development Practices: Java SE Code Injection Final Classes and Methods Singletons, Factories, and Flyweights Methods, Collections, and Data Hiding Sealing JARs Code Obfuscation Object Serialization Chapter 4. Cryptography Threats to Identity and Privacy The Java Cryptography Extensions The Signature Class SignedObjects The Java Cryptography Extensions SecretKeys and KeyGenerator The Cipher Class Dangerous Practices HTTP and JSSE Chapter 5. JAAS Pluggable Authentication Logic JAAS Packages and Interfaces Subjects and Principals ANDs and ORs Impersonation Methods Permissions for JAAS Use LoginContext and LoginModule Configuring JAAS CallbackHandler and Callbacks Implementing a JAAS Client Implementing a LoginModule Chapter 6. Java EE Security Java EE Servers as Code Hosts Tomcat Security Configuration Declaring Roles Securing URLs HTTP Authentication Schemes Securing EJBs Programmatic Security JAAS in Java EE Realms and LoginModules JAAS in Tomcat JACC Certifying a Java EE Application HTTPS Configuration Chapter 7. Secure Development Practices: Java EE Presentation-Tier Vulnerabilities User Accounts MVC and Security Validating User Input SQL Injection Cross-Site Scripting Reflected XSS Defeating XSS OWASP Penetration Testing Error Handling and Information Leakage Logging and Auditing Appendix A. Learning Resources
Prerequisites:	Solid Java programming experience is assumed - both structured and object-oriented techniques. Some knowledge of Java EE architecture and development is also recommended, though extensive practical experience with Java EE development is not necessary.

Java Development for Secure Systems Version 6.0 Course

Hot Courses

Top Skills

Testimonials

Agile
AJAX and Web 2.0
Business Analysis
Business Practices
Cisco
Communications
Customer Service/Communications
Data Warehousing
Database Developer
End User
Enterprise Architecture
Internet Application Developer
Lotus
Mainframe
Messaging Infrastructure
Networking
Operating Systems
Programming Languages
Programming Methodologies
Project Management
Project Management
Quality Assurance
Relational Databases
Reporting Tools
SAP
Scrum Master
Security
Server Applications
SQL & PL/SQL Programming
Testing
Testing and Quality Assurance
Virtualization
Web Technologies
Wireless Technology