en
nlfr
IT Training

Java Web Security

This training provides the skills necessary to develop secure web applications in Java. It teaches developers common security vulnerabilities (OWASP Top Ten) in Java web applications and the best practices to write secure code. The training covers the security testing practices to put into place in order to detect flaws, fix them and strengthen the security of the application as whole.

Who should attend this course?

Java Developers, Java Application Architects, Java EE Application Server administrators, IT Security managers

Prerequisites

Participants should be comfortable with Java language, syntax and object-oriented application development. They should be familiar with Java 8+.

They should be familiar with Java Web development.

This training provides the skills necessary to develop secure web applications in Java. It teaches developers common security vulnerabilities (OWASP Top Ten) in Java web applications and the best practices to write secure code. The training covers the security testing practices to put into place in order to detect flaws, fix them and strengthen the security of the application as whole.

Concerns for Web Applications

  •  Threats and Attack Vectors
  •  Secure Design Principles
  •  Container Authentication and Authorization
  •  HTML Forms
  •  Privacy Under /WEB-INF
  •  HTTP and HTTPS
  • Top ten OWASP Vulnerabilities

Authentication and Authorization using JAAS

  • Declaring Security Constraints
  • User Accounts and Roles
  • Protecting Credentials in Transit
  • Authorization Over URL Patterns
  • FORM Authentication
  • Session Fixation
  • Programmatic Security

Protecting against Common Web Attacks

  • Injection Attacks
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Predictable Resource Locations
  • Protections in JDBC and JPA
  • Session Management
  • Taking Care of Cookies

Implementing OAuth2 and OpenID Connect

  • Understanding Delegation and its benefits
  • Introducing claims based security
  • Understanding tokens and their representation on the net
  • Introducing OAuth 2
  • OAuth 2 flows
  • OpenID Connect: Adding sign-in to OAuth2

Auditing Security

  • Static code analysis
  • Passive vs. active scanning
  • Automated scans with OAWSP Zap
  • Auditing authentication, session and access control
  • Fuzzing
  • Discovering logic flaws
  • Reporting

Practical information

Duration

3 Days

Languages

EN

Price

€1450,00 + 21% VAT

Location

Classroom Courses

Schedule

Guaranteed to run

Sessions in English
08/2 - 10/2Book
15/5 - 17/5Book
18/10 - 20/10Book
13/12 - 15/12Book

Share this course on

Book your training

Enter your information to confirm your booking.

    You might also be interested in

    Java, SpringJava, Spring
    Java Design Patterns
    20/3 - 22/3, 07/6 - 09/6, 13 ...
    This training provides a deep understanding of the most common object oriented design patterns. It covers the most useful patterns…
    Java, SpringJava, Spring
    Programming in Java 11
    23/1 - 27/1, 24/4 - 28/4, 04 ...
    This training is a comprehensive study of core Java 11. It teaches the object-oriented programming concepts, the utilities and APIs…
    Java, SpringJava, Spring
    Upgrade from Java 8 to Java 11
    06/2 - 08/2, 08/5 - 10/5, 04 ...
    In this training, you will learn about the new Java 8 to Java 11 features and how to use them…
    Java, SpringJava, Spring
    What’s new in Java 9 to 17
    06/3 - 08/3, 31/5 - 02/6, 18 ...
    In this training, you will learn the important Java new features introduced in Java 9 to Java 17. The course…

    Prerequisite test

    Take the test

    Looking for a tailor made solution?

    Get started with personal training