SEC.301 Secure Coding Java

Beginner training for secure software development
Duration: 3 days
Costs: € 2364 plus VAT
Requirements: Experience in web technologies and Java
Training Format: Public and in-house training possible

The Secure Coding training for Java teaches the correct usage of exception handling, multi-threading and other Java-specific methods that are necessary as a basis for developing robust code. In addition, various cryptographic technologies will be discussed, including encryption, hashing and digital signatures. Classical web attacks such as cross-site scripting, SQL injection and cross-site request forgery will be explained as well as how applications can be protected against them. Practical exercises are used to create a deep understanding of the different subject areas. In order to further increase the code quality, the correct handling of code reviews is demonstrated as well as how the learned techniques can be integrated into the Secure Development Lifecycle.

Content of Training

  • Introduction to IT Security
    • Evolution of Cyberattacks
    • Types of Attackers
    • IT-Security 101
  • Preparation for an Attack
    • Risk Analysis
    • Open Source Intelligence
  • Attacks on Input Parameters
    • SQL Injections
    • Cross-Site Scripting (XSS)
    • Overflow, Underflow and Upcasting
    • Code Injections
    • Deserialization
    • Web Application Firewalls
  • Sniffing of Login Data or Tokens
    • Plaintext Authentication
    • Authentication without PKI
    • Authentication with bad/old Cipher Suites
  • Attacks on a Thick-Client
    • Secrets within the Client Software
    • Modification of Client Software
    • Abuse of Client Software
  • Attacks on Session and Authentication
    • Path Traversal
    • Session Prediction
    • Session Fixation
    • Java Web Tokens
  • Attacks on Session and Authentication Part 2
    • Brute-Force Attacks
    • Cross-Site Request Forgery (CSRF)
    • Open Redirect
    • Two Factor Authentication
    • Logs
  • Secure Development Lifecycle
    • Code Review
    • Static & Dynamic Analysis
    • Secure Software Development Process
    • PSIRT

After the training the participants should

  • understand how attacks work and start thinking like an attacker
  • understand why secure software development is important and why it should be implemented
  • understand what steps are necessary for secure software development
  • be able to integrate secure development into their area of responsibility

Upon Request

Are you interested in a SEC.301 Secure Coding Java Training? Contact us!
