
Secure Coding Training for Java

The Secure Coding training for Java teaches the correct usage of exception handling, multi-threading and other Java-specific methods that are necessary as a basis for developing robust code. In addition, various cryptographic technologies will be discussed, including encryption, hashing and digital signatures. Classical web attacks such as cross-site scripting, SQL injection and cross-site request forgery will be explained as well as how applications can be protected against them. Practical exercises are used to create a deep understanding of the different subject areas. In order to further increase the code quality, the correct handling of code reviews is demonstrated as well as how the learned techniques can be integrated into the Secure Development Lifecycle.

The training is particularly recommended for

developers who develop on a daily basis. The training offers a healthy mix of back-end and front-end developer topics and also includes several topics for software architects.

The training in a nutshell

  • Ideal entry-level training for secure software development
  • Duration: 3 days
  • Course Language: German or English
  • Requirements: No previous knowledge, own notebook necessary
  • Completion with certificate of participation
  • Public and in-house training possible

Content of training

The participants can expect the following content for the selected training:

Day 1

  • Introduction to IT Security
    • Evolution of Cyberattacks
    • Types of Attackers
    • IT-Security 101
  • Preparation for an Attack
    • Risk Analysis
    • Open Source Intelligence
  • Attacks on Input Parameters
    • SQL Injections
    • Cross-Site Scripting (XSS)
    • Overflow, Underflow and Upcasting
    • Code Injections
    • Deserialization
    • Web Application Firewalls

Day 2

  • Sniffing of Login Data or Tokens
    • Plaintext Authentication
    • Authentication without PKI
    • Authentication with bad/old Cipher Suites
  • Attacks on a Thick-Client
    • Secrets within the Client Software
    • Modification of Client Software
    • Abuse of Client Software
  • Attacks on Session and Authentication
    • Path Traversal
    • Session Prediction
    • Session Fixation
    • Java Web Tokens

Day 3

  • Attacks on Session and Authentication Part 2
    • Brute-Force Attacks
    • Cross-Site Request Forgery (CSRF)
    • Open Redirect
    • Two Factor Authentication
    • Logs
  • Secure Development Lifecycle
    • Code Review
    • Static & Dynamic Analysis
    • Secure Software Development Process
    • PSIRT

After the training the participants should…

  • understand how attacks work and start thinking like an attacker
  • understand why secure software development is important and why to implement it
  • understand what steps are necessary for secure software development
  • be able to integrate secure development into their area of responsibility

Pricing

SEC.301 Java Secure Coding 

2.322,-



Training for security basics in software development

Dates and registration

08 September 2020

SEC.302 Secure Coding C Sharp

08. September - 10. September

Dates on request
