Secure Java / JEE Web Application Development Lifecycle (SDL)

PT25199
Summary
Secure Java Web Application Development is a lab-intensive, hands-on Java / JEE security training course that provides 360-degree coverage of Java application security. In this course, students begin with penetration testing, hunting for bugs in Java web applications. They then thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads, CSRF and direct object references). Students will repeatedly attack and then defend various assets associated with fully functional web applications and services. This hands-on approach drives home the mechanics of how to secure JEE web applications in the most practical of terms. Finally, students examine the controls (defenses) relative to the phases that attackers work through when exploiting web applications. The course focuses on three specific activities that are interrelated and move the security process farther to the left in the development process. The course ends with an extensive discussion of what a mature application security presence would provide to the developers within an organization. A key component of our Best Defense IT Security Training Series, this workshop is a companion course to several developer-oriented courses and seminars. Our bug hunting class introduces penetration testing, illustrating how hackers probe and exploit our applications. Our developing secure software class introduces various security measures that can be applied throughout the software lifecycle. The combination of ethical hacking, secure coding, and secure lifecycle training provides students with the complete experience in application security. This course merges these classes with a specific Java orientation. NOTE: Although this edition of the course is Java specific, it may also be presented using .NET, NodeJS or other programming languages.
Prerequisites
Familiarity with Java and JEE is required, and real-world programming experience is highly recommended. Ideally, students should have approximately 6 months to a year of Java and JEE working knowledge. Students should have basic development skills and a working knowledge of the following topics, or attend these courses as a prerequisite: JEE Web Application Development Essentials
Duration
5 Days/Lecture & Lab
Audience
This is an intermediate-level programming course, designed for experienced Java developers who wish to get up and running on developing well-defended software applications.
Topics
  • Bug Hunting Foundation
  • Scanning Web Applications
  • Moving Forward
  • Securing Applications Foundation
  • Bug Stomping 101
  • Bug Stomping 102
  • Secure Development Lifecycle (SDL)
  • Taking Action Now
