Secure Coding - Java

The central idea of this highly technical seminar is to work with realistic code examples and numerous practical exercises. By teaching common attack vectors and vulnerabilities as well as appropriate countermeasures, the participants will be able to produce more secure code in the future and adequately reflect on potential neuralgic points of an application. In our modern training environment, realistic vulnerabilities are identified, corrected, solutions verified and discussed (individually or in small groups). The following questions are addressed over and over again for the given scenario:

  • What do realistic attacks look like and what are their consequences?
  • How can errors in the design and implementation phase be avoided?
  • How do I avoid common implementation mistakes?
  • How do I identify vulnerabilities in existing code?

In the course of the training, dedicated code examples with built-in vulnerabilities, primarily from the OWASP Top 10, will be analyzed and then independently corrected, discussed and, if necessary, verified either statically or at runtime. Our modern training environment guarantees efficient access to the exercise material. Most of the participants’ solutions are checked automatically, allowing each participant to receive independent feedback on his or her own learning success, adjusted to their individual speed.

All contents can be adapted specifically to your needs!

Content

  • General structuring
    • Input and output handling
    • Authentication and password management
    • Session management
    • Access control
    • Cryptography
    • Error handling and logging
    • data protection
    • Kommunikationssicherheit
    • System configuration
    • Communications security
    • File management
    • Memory management
  • Selection of considered topics (customizable):
    • Bean-Validation
    • Bcrypt/Scrypt
    • JCE, JCA, JSSE
    • JPA / prepared statements
    • Servlet, JSP, JSTL, JSF, facelets
    • JSoup
    • Coverity
    • JSON web token (JWT)
    • JQuery
    • DOMPurify
    • Xerces, JAXB, Jackson, Jersey usw.

Target Audience

  • Software developers
  • Software architects

Duration

3 to 5 days

Prerequesites

Best Practices for Secure Webapplications or similar level of knowledge

Trainer

Java Advanced Secure Coding Mirko Richter
Experienced SSDLC consultant with 15+ years of experience

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or is organised by us in your desired environment.

You might also be interested in these trainings:

all trainings
Java Advanced Secure Coding

Your Contact:

Dr.-Ing. Benjamin Kellermann

Contact us via email.
Or call us or use our special contact form.