Canada IT Courses
ExitCertified US




ExitCertified - Excellence in IT Certified Education
 
IT education classes
IT training feature sheet
 
   
 
start > courses and registration > training feature sheet
Defensive Coding for Java :: [TT-2800]
 
 
 
 
 
 
code. TT-2800   length. 3 days
type. Instructor-Led   partner. Other Java :: Development :: Trivera
price.
$1,450 :: contact for GSA GOV.
 
NOTICE: This course code has recently been changed from TT-254 to TT-2800.
 
Students who attend Java Secure Coding (or Defensive Coding for Java) will leave the course armed with the required skills to recognize software vulnerabilities (actual and potential) and implement defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software.

The concept and process of Threat Risk Modeling is introduced as a key enabler for implementing effective and appropriate security for software and information assets.

This course includes coverage of the many security-related technologies and APIs that exist in the Java and J2EE world.

This intense hands-on workshop is essential for developers who need to produce secure Java and J2EE applications. Throughout the course, students learn the best practices for designing, implementing, and deploying secure programs in Java. Students will take an application from requirements through to implementation, analyzing and testing for software vulnerabilities. This course is short on theory and long on application.
 
course schedule  
 
There are currently no scheduled dates for this course. If you are interested in this course, request a course date with the links below.
   
Request course date Request on site training
 
who can benefit
  
 
This is an intermediate to advanced level Java course, designed for developers who wish to get up and running on developing well defended web applications. Familiarity with Java is required, and real world programming experience is highly recommended. This course may be customized to suit your team's unique objectives.
 
prerequisites
  
 
Ideally students should have approximately 6 months to a year of practical Java development experience.
 
skills gained
  
 
During this three day course, students will be led through a series of advanced topics, where most topics consist of lecture, group discussion, comprehensive hands-on lab exercises, and lab review.

The initial portion of the course lays down the foundation in basic terminology and concepts that is built upon in subsequent lessons. The second portion of the course steps through a series of vulnerabilities illustrating in very real terms the right way to implement secure web applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment.

This workshop is a code course rather than theory and concepts, with about 50% hands-on labs and 50% lecture. Many examples are threaded into the course, designed to reinforce fundamental skills and concepts learned in the lessons, all working in the Java environment. Because these lessons, labs and projects are presented in a building block fashion, students will gain a solid understanding of not only the core concepts, but also how all the pieces fit together in a complete application.

At the end of each lesson, developers will be tested with a set of review questions to ensure that he/she has fully understands that topic.

Students attending this course will

Understand the concepts and terminology behind defensive coding.
Understand and use Threat Risk Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets.
Learn the entire spectrum of threats and attacks that take place against software applications in today's world.
Use Threat Risk Modeling to identify potential vulnerabilities in a real life case study.
Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java applications.
Understand the vulnerabilities of the Java programming language and the JVM as well as how to harden both.
Understand and work with Java 2 platform security to gain an appreciation for what is protected and how
Understand the role that Java Authentication and Authorization Service (JAAS) has in both Java and J2EE applications.
Use JAAS in conjunction with a Java application for both authentication and authorization.
Understand the basics of Java Cryptography (JCA) and Encryption (JCE) and where they fit in the overall security picture.
Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena.
Learn how J2EE security is implemented as well as the limitations of that security
Apply J2EE security to an existing web application.
Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure.
 
hands-on
  
 
This intense hands-on course is 40/60 lab to lecture ratio. This workshop is essential for experienced developers who need to produce secure Java based web applications. Throughout the course, students learn the best practices for designing, implementing, and deploying secure web applications using Java. This course is short on theory and long on application.


 
course content details  
 


  Session 1 - Defensive Coding Overview

Security Concepts
Principles of Defensive Coding
Threat Risk Modeling
Lab - Threat Risk Modeling of Case Study


  Session 2 - Vulnerabilities

Security Attacks
Information Attacks
System Attacks
Data Attacks
Lab - Threat Risk Modeling Revisited


  Session 3 - Defensive Coding Applied to Java

Defensive Java Coding Practices 1
Lab - Static Review of Case Study Implementation
Analyze Lab Results
Lab - Attack the Case Study Implementation
Defensive Java Coding Practices 2


  Session 4 - Java 2 Security and JAAS

Java 2 Security and Applets
Hardening the JVM
Lab - Work with Java 2 Security
JAAS Overview


  Session 5 - Cryptography Overview

Overview of Java Cryptography/Encryption
Overview of XML\Web Services Security


  Session 6 - J2EE Security

Technical Overview of J2EE Security
Hardening the Servers and Environment
Lab - Adding Security to a Web Application
Lab Optional - JAAS Authentication
Lab Optional - JAAS Authorization



 
Sun Microsystems Training Special




find a course
 
phone us
 
view course schedule





Sun Microsystems Training Special

 
go to top
Sun Microsystems, Veritas, Oracle, Symantec, and Project Management IT Education Sun Microsystems, Veritas, Oracle, Symantec, and Project Management IT Education
© 2008 ExitCertified. All rights reserved.
terms of use and disclaimer :: privacy policy :: webmaster :: link to us
   
Sacramento Training :: 916.669.3970 | Las Vegas Training :: 1.800.803.EXIT (3948) | San Francisco Training :: 415.975.3948 | San Jose Training :: 408.288.EXIT (3948)
Phoenix, Arizona Training | Los Angeles, California Training | San Diego, California Training | Broomfield, Colorado Training | Fort Lauderdale, Florida Training
Tampa, Florida Training | Atlanta, Georgia | Downers Grove, Illinois | Kansas City, Kansas Training | Portland, Maine Training | Baltimore, Maryland Training | Burlington, Massachusetts Training
Troy, Detroit, Michigan Training | Minneapolis, Minesota Training | St. Louis, Missouri Training | Omaha, Nebraska Training | Edison, New Jersey Training | New York City, New York Training
Raleigh, North Carolina Training | Columbus, Ohio Training | Philadelphia, Pennsylvania Training | Nashville, Tennessee Training | Dallas, Texas Training
Houston, Texas Training | Hampton, Virginia Training | Madison, Wisconsin Training | Seattle, Washington Training

ExitCertified is a global provider of authorized technology training. Some of our popular course topic searches include:

Java Training | J2EE Training | JSP Training | Java Courses | Servlets Training | EJB Training | Struts Training | Networking Courses | Solaris Training
Red Hat Training | SUSE Training | XML Training | Oracle SQL | Oracle PL/SQL | DBA Training | DBA Certification | Oracle Certification
RedHat Training | Solaris Certification | Java Certification | Veritas Certification | PeopleSoft Training | 11g Training | 11g Certification
RedHat Courses | SQL Training | 10g Training | 9i Training | Application Development Training | Certified Training | Corporate Training
Government Training | Course Catalogue | Training Schedule | Certification Training | Project Management Training | Linux Training
Solaris 10 Training | Unix Training | NetBackup Training | Virus Protection Courses | Education Technology Newsletter | zSeries Training
s/390 Training | iSeries Training | DB2 Training | OS/400 Training | AIX Training | Rational Courses | PMI Training | Project Management Training
SeeBeyond Training | Java Composite Application Platform (JCAPS) Training | MySQL Training | MySQL Database Course | Hyperion Training | Fusion Middleware