Java Development for Secure Systems

Price
2,100 USD
3 Days
EJSE-140
Classroom Training, Online Training
Oracle

Course Description

Overview

This Java Development for Secure Systems course introduces students to the broad range of challenges and techniques that make up “Java security.” Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that students will be exposed to SE basics such as the access controller, permissions, and policies, and also to traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform.

The course emphasizes hands-on exercises, and students will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible; students begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc.

Objectives

Upon completion of the Java Development for Secure Systems course, students will be able to:
  • Design and implement security policies for Java applications, servers, and components.
  • Manage keys and certificates for a Java application, and sign code sources as necessary.
  • Practice secure design and coding, and balance usability with security in UI and API.
  • Sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE.
  • Incorporate JAAS authentication into an application.
  • Implement a JAAS LoginModule to connect to your own application data.
  • Secure Java EE applications by URL and role, and integrate JAAS authentication.
  • Avoid common pitfalls of Java web applications, including SQL injection and cross-site-scripting attacks.

Audience

  • Java programmers

Prerequisites

  • Solid Java programming experience
  • Some knowledge of Java EE architecture and development (recommended)

Topics

  • Java SE Security
    • Holistic Security Practices
    • Threats to the User
    • The Class Loader and Bytecode Verifier
    • System Classes and the Core API
    • SecurityManager and AccessController
    • Permissions
    • Implication
    • CodeSources
    • Policies
    • Configuring Java SE Security
    • Dynamic Policies
    • Privileged Actions
  • Code Signature and Key Management
    • Encryption and Digital Signature
    • Keystores
    • Keys and Certificates
    • Certificate Authorities
    • The KeyStore API
    • Signing JARs
    • Signed CodeSources
    • Additional Policy Semantics
  • Secure Development Practices: Java SE
    • Code Injection
    • Final Classes and Methods
    • Singletons, Factories, and Flyweights
    • Methods, Collections, and Data Hiding
    • Sealing JARs
    • Code Obfuscation
    • Object Serialization
  • Cryptography
    • Threats to Identity and Privacy
    • The Java Cryptography Extensions
    • The Signature Class
    • SignedObjects
    • The Java Cryptography Extensions
    • SecretKeys and KeyGenerator
    • The Cipher Class
    • Dangerous Practices
    • HTTP and JSSE
  • JAAS
    • Pluggable Authentication Logic
    • JAAS
    • Packages and Interfaces
    • Subjects and Principals
    • ANDs and ORs
    • Impersonation Methods
    • Permissions for JAAS Use
    • LoginContext and LoginModule
    • Configuring JAAS
    • CallbackHandler and Callbacks
    • Implementing a JAAS Client
    • Implementing a LoginModule
  • Java EE Security
    • Java EE Servers as Code Hosts
    • Tomcat Security Configuration
    • Declaring Roles
    • Securing URLs
    • HTTP Authentication Schemes
    • Securing EJBs
    • Programmatic Security
    • JAAS in Java EE
    • Realms and LoginModules
    • JAAS in Tomcat
    • JACC
    • Certifying a Java EE Application
    • HTTPS Configuration
  • Secure Development Practices: Java EE
    • Presentation-Tier Vulnerabilities
    • User Accounts
    • MVC and Security
    • Validating User Input
    • SQL Injection
    • Cross-Site Scripting
    • Reflected XSS
    • Defeating XSS
    • OWASP
    • Penetration Testing
    • Error Handling and Information Leakage
    • Logging and Auditing
  • Appendix A: Learning Resources
     