IT Training

Java Web Security

This training provides the skills necessary to develop secure web applications in Java. It teaches developers the common security vulnerabilities (OWASP Top Ten) found in Java web applications and the best practices for writing secure code. The training also covers the security testing practices to put in place in order to detect flaws, fix them and strengthen the security of the application as a whole.

Who should attend this course?

Java Developers, Java Application Architects, Java EE Application Server administrators, IT Security managers

Prerequisites

Participants should be comfortable with the Java language, its syntax and object-oriented application development. They should be familiar with Java 8+.

They should be familiar with Java Web development.


Concerns for Web Applications

  • Threats and Attack Vectors
  • Secure Design Principles
  • Container Authentication and Authorization
  • HTML Forms
  • Privacy Under /WEB-INF
  • HTTP and HTTPS
  • Top Ten OWASP Vulnerabilities

Authentication and Authorization using JAAS

  • Declaring Security Constraints
  • User Accounts and Roles
  • Protecting Credentials in Transit
  • Authorization Over URL Patterns
  • FORM Authentication
  • Session Fixation
  • Programmatic Security

Protecting against Common Web Attacks

  • Injection Attacks
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Predictable Resource Locations
  • Protections in JDBC and JPA
  • Session Management
  • Taking Care of Cookies

Implementing OAuth2 and OpenID Connect

  • Understanding Delegation and Its Benefits
  • Introducing Claims-Based Security
  • Understanding Tokens and Their Representation on the Wire
  • Introducing OAuth 2
  • OAuth 2 Flows
  • OpenID Connect: Adding Sign-In to OAuth 2

Auditing Security

  • Static Code Analysis
  • Passive vs. Active Scanning
  • Automated Scans with OWASP ZAP
  • Auditing Authentication, Session and Access Control
  • Fuzzing
  • Discovering Logic Flaws
  • Reporting

Practical Information

Duration

3 Days

Languages

EN

Price

€1450,00 + 21% VAT

Location

Classroom Courses

Schedules

Guaranteed to run

Courses in English
  • 08/2 - 10/2
  • 15/5 - 17/5
  • 18/10 - 20/10
  • 13/12 - 15/12
