Securing Java Web Applications Training

Live Online & Classroom Enterprise Training

This advanced course shows experienced developers of Java web applications how to secure those applications and to apply best practices with regard to secure enterprise coding

Looking for a private batch ?

REQUEST A CALLBACK

Enterprise Reporting
Lifetime Access
CloudLabs
24x7 Support
Real-time code analysis and feedback

What is Securing Java Web Applications Training about?

This advanced course shows experienced developers of Java web applications how to secure those applications and to apply best practices with regard to secure enterprise coding. Authentication authorization and input validation are major themes and students get good exposure to basic Java cryptography for specific development scenarios as well as thorough discussions of HTTPS configuration and certificate management error handling logging and auditing.

What are the objectives of Securing Java Web Applications Training ?

At the end of Securing Java Web Applications training course, the participants will be able to:

Secure new and existing Java web applications
Define security constraints and login configurations that instruct the web container to enforce authentication and authorization policies.
Validate user input aggressively

What are the prerequisites for Securing Java Web Applications Training?

Basic Java Skills

Available Training Modes

Live Online Training

Course Outline Expand All

Expand All

1. Secure Web Applications

Threats and Attack Vectors

Server, Network, and Browser Vulnerabilities

Secure Design Principles

GET vs. POST

Container Authentication and Authorization

HTML Forms

Privacy Under /WEB-INF

HTTP and HTTPS

Other Cryptographic Practices

SOA and Web Services

The OWASP Top 10

2. Authentication and Authorization

HTTP BASIC and DIGEST Authentication Schemes

Declaring Security Constraints

User Accounts

Safeguarding Credentials in Transit

Replay Attacks

Authorization Over URL Patterns

Roles

FORM Authentication

EJB Authorization

Programmatic Security

Programmatic Security in JSF

3. Secure Application Design

Single Points of Decision

Cross-Site Scripting

Validation vs. Output Escaping

Forceful Browsing

Cross-Site Request Forgery

Request Tokens

Injection Attacks

Protections in JDBC and JPA

Session Management

Taking Care of Cookies

Validating User Input

Validation Practices

Regular Expressions

JSF Validation

4. HTTPS and Certificates

Digital Cryptography - Encryption - SSL and Secure Key Exchange - Hashing - Signature - Keystores - keytool - Why Keys Aren't Enough - X.509 Certificates - Certificate Authorities - Obtaining a Signed Certificate - Configuring HTTPS - Client-Side Certificates - PKCS #12 and Trust Stores - CLIENT-CERT Authentication -

5. Application-Level Cryptography

The Java Cryptography Architecture

Secure Random Number Generation

The KeyStore API

The Signature Class

The SignedObject Class

The MessageDigest Class

The Java Cryptography Extensions

The SecretKey and KeyGenerator Types

The Cipher Class

Choosing Algorithms and Key Sizes

Dangerous Practices

6. Error Handling, Auditing, and Logging

Secure Development Cycle

Error Handling and Information Leakage

Failing to a Secure Mode

Logging Practices

Appropriate Content for Logs

Auditing

Strategies: Filters, Interceptors, and Command Chains

Penetration Testing

Back Doors

7. Conclusion

Who is the instructor for this training?

The trainer for this Securing Java Web Applications Training has extensive experience in this domain, including years of experience training & mentoring professionals.

Reviews

My outlook on training changed completely after attending SpringPeople BPC training. The content, the trainer and infrastructure at SpringPeople were top notch and perfectly in tune with the industry requirements. Regardless to say, training is now something that I look forward to to. Kudos to everyone at SpringPeople!

Shweta Priya

Sony

I attended the 3-day AngularJs training at SpringPeople. The trainer was an industry veteran with vast experience in the subject. Notably, the hands-on training, and the Q&A session stood out. Overall, I found SpringPeople a great place to learn with excellent facilities and great trainers. Would recommend SpringPeople to my colleagues and friends.

Swati Singh

I attended the training on API Design for Mulesoft. The sessions were well planned and value-laden. I benefited immensely from the hands-on experience enabled through virtual labs. I would like to specifically commend the efficiency of the support team who were always available to resolve my concerns.

Nikhil Kohli

Stryker

I attended the jQuery training batch, conducted by Mr. Vijay, an SME who did a thorough coverage of all the essentials. He took us through concepts such as jQuery animations, event handlers, plugins, and jQuery-UI by small programs, very easily. The sessions were useful and well structured. By the end of the training, I was well equipped to develop a SPA on Product Management System. Overall, the learning experience at SpringPeople was great!

Heena Rajan

Mindtree