Secure Coding Java
Course Description
Overview
Cybersecurity has risen to the top of the list of priority discussion items, and it is the subject of the US-Russia presidential communications. The number of ransomware attacks doubled in the past year, and other attacks are on the rise. This course teaches a comprehensive approach to cybersecurity. It starts with common attacks, continues with the principles of designing secure multi-layer systems, and goes into the details of secure coding for Java.
Also included are securing runtime environments and modern security frameworks.
Objectives
Audience
Prerequisites
- Recommended: Cybersecurity awareness
- Comfortable developing code in Java
Topics
- STRIDE attack classification
- CVSS attack assessment
- Lab on threat modeling
- Cross-site scripting
- Malicious file execution
- Session hijacking
- Encryption
- Unsecured direct object reference
- Defenses: Validation; Strong typing; Regular expressions; White list; Scrubbing; Encoding; CAPTCHA
- Labs based on OWASP Goat labs
- Basic Security within Java SE 8+: Mutability of objects; Variable, method, class, and package scopes; Thread safety; Exception handling; Input validation
- Basic Security at the EE level: Role-based authentication; Specifying Security Constraints; Programmatic security; Declarative security
- Labs based on SEI CERT standard
- OAuth2 token-based authentication and authorization
- OAuth2 server setup
- Embedded token server, token lifecycle, and management
- REST security best practices:
- Authorization
- Input validation
- Output encoding
- Cryptography
- Overview of code signing: Windows; Mac; Linux
- Basic & Digest
- Forms
- Windows authentication
- JAAS and other Java authentication services
- Authorization
- Password security
- Brute force attacks
- Password resets
- Secret questions/answers
- SSL/TLS
- Audits/Logs
- Static code analysis: SonarQube; Labs
- Introduction to modern frameworks: Vault; Consul; Anthos
- Modern security design patterns: Dynamic secrets; Automatic credential rotation; Cubbyhole response wrapping; Encryption as a service
- Zero-trust networks
- Artificial intelligence
Related Courses
- Cyber Secure Coder Certified CSC (Exam CSC-210), CNX0032
  - Duration: 3
  - Delivery Format: Classroom Training, Online Training
  - Price: 2,100.00 USD
- Certified Dark Web Analyst Common Body of Knowledge 5th Edition, 035144SE
  - Duration: 5
  - Delivery Format: Classroom Training, Online Training
  - Price: 3,500.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.