Java Development for Secure Systems Training

Live Online & Classroom Enterprise Training

This course is for you if you want to secure your Java application using the Java security API. The course has an in depth coverage of concepts like JAAS, Cryptography, permissions and policies and privileged actions.

Looking for a private batch ?

REQUEST A CALLBACK

Enterprise Reporting
Lifetime Access
CloudLabs
24x7 Support
Real-time code analysis and feedback

What is Java Development for Secure Systems Training about?

Java Development for Secure Systems training teaches attendees the broad range of Java security challenges and how to successfully remedy them. This course starts with basic concepts of code security - what the Java SE runtime does to protect the system from Java code and Java code from other Java code - and good secure-coding practices. It then takes students through exercises in basic cryptography skills using the appropriate Java API. Finally it moves on to enterprise software and the issues related to component-based architectures such as Web applications EJBs and Java messaging components.

What are the objectives of Java Development for Secure Systems Training ?

At the end of Java Development for Secure Systems training course, the participants will be able to:

Understand how the Java language and standard-platform architecture solve many low-level security problems for all Java code.n
Design and implement security policies for Java applications, servers and components.

What are the prerequisites for Java Development for Secure Systems Training?

Solid Java programming experience is assumed - both structured and object-oriented techniques. knowledge of Core Java and Some knowledge of Java EE architecture and development is also required

Available Training Modes

Live Online Training

Course Outline Expand All

Expand All

1. Java SE Security

Holistic Security Practices

Threats to the User

The Class Loader and Bytecode Verifier

System Classes and the Core API

SecurityManager and AccessController

Permissions

Implication

CodeSources

Policies

Configuring Java SE Security

Dynamic Policies

Privileged Actions

2. Code Signature and Key Management

Encryption and Digital Signature

Keystores

Keys and Certificates

Certificate Authorities

The KeyStore API

Signing JARs

Signed CodeSources

Additional Policy Semantics

3. Secure Development Practices: Java SE

Code Injection

Final Classes and Methods

Singletons, Factories, and Flyweights

Methods, Collections, and Data Hiding

Sealing JARs

Code Obfuscation

Object Serialization

4. Cryptography

Threats to Identity and Privacy

The Java Cryptography Extensions

The Signature Class

SignedObjects

The Java Cryptography Extensions

SecretKeys and KeyGenerator

The Cipher Class

Dangerous Practices

HTTP and JSSE

5. JAAS

Pluggable Authentication Logic

JAAS

Packages and Interfaces

Subjects and Principals

ANDs and ORs

Impersonation Methods

Permissions for JAAS Use

LoginContext and LoginModule

Configuring JAAS

CallbackHandler and Callbacks

Implementing a JAAS Client

Implementing a LoginModule

6. Java EE Security

Java EE Servers as Code Hosts

Tomcat Security Configuration

Declaring Roles

Securing URLs

HTTP Authentication Schemes

Securing EJBs

Programmatic Security

JAAS in Java EE

Realms and LoginModules

JAAS in Tomcat

JACC

Certifying a Java EE Application

HTTPS Configuration

7. Secure Development Practices: Java EE

Presentation-Tier Vulnerabilities

User Accounts

MVC and Security

Validating User Input

SQL Injection

Cross-Site Scripting

Reflected XSS

Defeating XSS

OWASP

Penetration Testing

Error Handling and Information Leakage

Logging and Auditing

8. Conclusion

Who is the instructor for this training?

The trainer for this Java Development for Secure Systems Training has extensive experience in this domain, including years of experience training & mentoring professionals.

Reviews

My outlook on training changed completely after attending SpringPeople BPC training. The content, the trainer and infrastructure at SpringPeople were top notch and perfectly in tune with the industry requirements. Regardless to say, training is now something that I look forward to to. Kudos to everyone at SpringPeople!

Shweta Priya

Sony

I attended the 3-day AngularJs training at SpringPeople. The trainer was an industry veteran with vast experience in the subject. Notably, the hands-on training, and the Q&A session stood out. Overall, I found SpringPeople a great place to learn with excellent facilities and great trainers. Would recommend SpringPeople to my colleagues and friends.

Swati Singh

I attended the training on API Design for Mulesoft. The sessions were well planned and value-laden. I benefited immensely from the hands-on experience enabled through virtual labs. I would like to specifically commend the efficiency of the support team who were always available to resolve my concerns.

Nikhil Kohli

Stryker

I attended the jQuery training batch, conducted by Mr. Vijay, an SME who did a thorough coverage of all the essentials. He took us through concepts such as jQuery animations, event handlers, plugins, and jQuery-UI by small programs, very easily. The sessions were useful and well structured. By the end of the training, I was well equipped to develop a SPA on Product Management System. Overall, the learning experience at SpringPeople was great!

Heena Rajan

Mindtree