Secure Java Web Application Development Lifecycle (SDL)

PT0615
Training Summary
The Best Defense Security Training Series is a suite of developer-oriented, application security courses that provide complete coverage of the CWE/SANS Top 25 Most Dangerous Programming Errors the OWASP Top Ten for 2013, the Verizon 2014 Data Breach Report, and the WASC Threat Classifications. These errors, as determined by a consortium of cyber security organizations, enable cyber espionage and crime. Our comprehensive application security and secure coding classes address each of these critical issues head-on, as our courses, seminars and workshops explicitly:Teach programmers what these errors are Demonstrate, in real terms, the potential impact of each of these errors Provide experience in how to recognize and properly address these errors Teach stakeholders how to defend against the potential consequences of security breaches in other parts of their IT infrastructure.Cross-reference materials, vulnerabilities, and attacks that are covered with both the OWASP Top 10 and the WASC Threat ClassificationsCovers the latest security trends and developments, including the Verizon Data Breach Report and the latest from the National Vulnerabilities DatabaseSecure Java Web Application Development Lifecyle (SDL) is a lab-intensive, hands-on Java / JEE security training course, essential for experienced enterprise developers who need to engineer, maintain, and support secure JEE-based web applications. In addition to teaching basicsecure programming skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle. In this course, students thoroughly examine best practices for defensively coding web applications, including XML processing, rich interfaces, and both RESTful and SOAP-based web services. Students will repeatedly attack and then defend various assets associated with fully-functional web applications and web services. This hands-on approach drives home the mechanics of how to secure JEE web applications in the most practical of terms.Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time trying to defend a poorly designed (from a security perspective) web application, developers are ready to learn how to build secure web applications starting at project inception. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle. A key component to our Best Defense IT Security Training Series, this workshop is a companion course with several developer-oriented courses and seminars. Although this edition of the course is Java-specific, it may also be presented using .Net or other programming languages
Prerequisites
Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge.
Duration
5 Days/Lecture & Lab
Audience
This is an intermediate -level JEE / web services programming course, designed for developers who wish to get up and running on developing well defended software applications. This course may be customized to suit your team's unique objectives.
Course Topics
  • Introduction: Misconceptions
  • Foundation
  • Vulnerabilities
  • Defending XML, Services, and Rich Interfaces
  • Secure Development Lifecycle (SDL)
  • Security Testing

Related Scheduled Courses