Secure Coding - Java

The central idea of this highly technical seminar is to work with realistic code examples and numerous practical exercises. By teaching common attack vectors and vulnerabilities as well as appropriate countermeasures, the seminar enables participants to produce more secure code in the future and to reflect adequately on the potential weak points of an application. In our modern training environment, realistic vulnerabilities are identified and corrected, and the solutions are verified and discussed (individually or in small groups). The following questions are addressed again and again for the given scenario:

  • What do realistic attacks look like and what are their consequences?
  • How can errors in the design and implementation phase be avoided?
  • How do I avoid common implementation mistakes?
  • How do I identify vulnerabilities in existing code?

In the course of the training, dedicated code examples with built-in vulnerabilities, primarily from the OWASP Top 10, will be analyzed and then independently corrected, discussed and, if necessary, verified either statically or at runtime. Our modern training environment guarantees efficient access to the exercise material. Most of the participants’ solutions are checked automatically, allowing each participant to receive independent feedback on his or her own learning success, adjusted to their individual speed.

All contents can be adapted specifically to your needs!

Content

  • General structuring
    • Input and output handling
    • Authentication and password management
    • Session management
    • Access control
    • Cryptography
    • Error handling and logging
    • Data protection
    • System configuration
    • Communications security
    • File management
    • Memory management
  • Selection of considered topics (customizable):
    • Bean Validation
    • Bcrypt/Scrypt
    • JCE, JCA, JSSE
    • JPA / prepared statements
    • Servlet, JSP, JSTL, JSF, Facelets
    • JSoup
    • Coverity
    • JSON Web Token (JWT)
    • jQuery
    • DOMPurify
    • Xerces, JAXB, Jackson, Jersey, etc.

Target Audience

  • Software developers
  • Software architects

Duration

3 to 5 days

Prerequisites

Best Practices for Secure Web Applications or similar level of knowledge

Trainer

Mirko Richter
Experienced SSDLC consultant with 15+ years of experience
