Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Java Development for Secure Systems
Rev. 6.0
Java Training Overview

This course exposes students to the broad range of challenges and techniques that is "Java security." Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that students will be exposed to SE basics such as access controller, permissions, and policies; and also traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform.

The course emphasizes hands-on exercise, and students will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible - students begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc.

This version of the course targets Java SE 6 and Java EE 5, but it is largely applicable to Java SE 5 and J2EE 1.4 as well, and groups looking for Java training who know they'll be using those earlier platforms are encouraged to use this course. For training within the J2SE 1.4 environment, please see version Secure Systems .)

Java Training Prerequisites

  • Solid Java programming experience is assumed - both structured and object-oriented techniques.course "Java Programming" is excellent preparation for this course.
  • Some knowledge of J2EE architecture and development is also required, though extensive practical experience with J2EE development is not strictly necessary. Our Course "Overview of J2EE Development" offers a one-day overview of J2EE development, including architecture and working examples.
Java Training Learning Objectives
  • Design and implement security policies for Java applications, servers, and components.
  • Manage keys and certificates for a Java application, and sign code sources as necessary.
  • Practice secure design and coding, and balance usability with security in UI and API.
  • Sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE.
  • Incorporate JAAS authentication into an application.
  • Implement a JAAS LoginModule to connect to your own application data.
  • Secure Java EE applications by URL and role, and integrate JAAS authentication.
  • Avoid common pitfalls of Java web applications, including SQL injection and cross-site-scripting attacks.
Java Training Course duration

3 Days

Java Training Course outline

1. Java SE Security
  • Holistic Security Practices
  • Threats to the User
  • The Class Loader and Bytecode Verifier
  • System Classes and the Core API
  • SecurityManager and AccessController
  • Permissions
  • Implication
  • CodeSources
  • Policies
  • Configuring Java SE Security
  • Dynamic Policies
  • Privileged Actions
2. Code Signature and Key Management
  • Encryption and Digital Signature
  • Keystores
  • Keys and Certificates
  • Certificate Authorities
  • The KeyStore API
  • Signing JARs
  • Signed CodeSources
  • Additional Policy Semantics
3. Secure Development Practices: Java SE
  • Code Injection
  • Final Classes and Methods
  • Singletons, Factories, and Flyweights
  • Methods, Collections, and Data Hiding
  • Sealing JARs
  • Code Obfuscation
  • Object Serialization
4. Cryptography
  • Threats to Identity and Privacy
  • The Java Cryptography Extensions
  • The Signature Class
  • SignedObjects
  • The Java Cryptography Extensions
  • SecretKeys and KeyGenerator
  • The Cipher Class
  • Dangerous Practices
  • HTTP and JSSE
5. JAAS
  • Pluggable Authentication Logic
  • JAAS
  • Packages and Interfaces
  • Subjects and Principals
  • ANDs and ORs
  • Impersonation Methods
  • Permissions for JAAS Use
  • LoginContext and LoginModule
  • Configuring JAAS
  • CallbackHandler and Callbacks
  • Implementing a JAAS Client
  • Implementing a LoginModule
6. Java EE Security
  • Java EE Servers as Code Hosts
  • Tomcat Security Configuration
  • Declaring Roles
  • Securing URLs
  • HTTP Authentication Schemes
  • Securing EJBs
  • Programmatic Security
  • JAAS in Java EE
  • Realms and LoginModules
  • JAAS in Tomcat
  • JACC
  • Certifying a Java EE Application
  • HTTPS Configuration
7. Secure Development Practices: Java EE
  • Presentation-Tier Vulnerabilities
  • User Accounts
  • MVC and Security
  • Validating User Input
  • SQL Injection
  • Cross-Site Scripting
  • Reflected XSS
  • Defeating XSS
  • OWASP
  • Penetration Testing
  • Error Handling and Information Leakage
  • Logging and Auditingul
Appendix A. Learning Resources

System Requirements

Hardware – minimal: 500 MHz, 256 meg RAM, 500 meg disk space

Hardware – recommended: 1.5 GHz, 512 meg RAM, 1 gig disk space

Operating system: Tested on Windows XP Professional. Course software should be viable on all systems which support a Java 6 Developer's Kit.

Software: All free downloadable tools.
Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved