TEXT_SIZE

Essential Secure Coding in Java/J2EE

User Rating: / 0
PoorBest 
Track Name
 : Essential Secure Coding in Java/J2EE
Track ID : SB2DSCJ/SANS Course ID:DEV530
Instructor : Frank Kim
CPE Credits : 14 CPE’s
Duration : 2 Days
Date : November 19th - 20th, 2009 (9 AM – 6 PM)
SANS Laptop_required

Who should attend?

  1. Developers who want to build more secure applications
  2. Java EE programmers
  3. Software engineers
  4. Software architects
  5. Application security auditors
  6. Technical project managers
  7. Senior software QA specialists
  8. Penetration testers who want a deeper understanding of target applications or who want to provide more detailed vulnerability remediation options

Class Pre-requisite:

Students should have at least one year's experience working with the JEE framework and should have thorough knowledge of Java language and web technology.

Class Requirement:

You may also visit SANS for the Laptop Requirements for this class.

  1. Laptop with administrative level access
  2. 5 GB available hard drive space
  3. 1 GB RAM or higher
  4. DVD drive (minimum 12x recommended)
  5. x86 compatible 2Ghz CPU minimum or higher

VMWare

You will use VMware to perform exercises in class. You must have a working copy of one of the following installed on your system prior to coming to class:

  1. VMware Player 2.0 or later
  2. VMware Workstation 6.0 or later
  3. VMware Fusion for Max OS X

VMware Player can be downloaded for free. Alternatively, if you want a more configurable and flexible tool, you can download a free 30-day trial copy of VMware Workstation or VMware Fusion. These products are available at www.vmware.com. VMware will send you a time-limited serial number for VMware Workstation or VMware Fusion if you register for the trial at their Web site. No serial number is required for VMware Player.

Java Documentation

It is recommended that students download the Java SE 6 and Java EE 5 Javadoc documentation for use as reference material while doing the in-class exercises (the Javadoc license prohibits redistribution). The documentation can be found at java.sun.com.
You will receive a DVD containing a Linux VMware image that contains all the course exercises.

Course Description:

Detailed Course Outline at SANS

This course covers the essential Java/JEE topics that are relevant to a large number of web application developers. It's not a high level theory course. It's about real programming. In this course you will examine actual code, work with real tools, build applications, and gain confidence in the resources you need for the journey to improving the security of your Java applications.

Rather than teaching students to use a set of tools, we're teaching students concepts of secure programming. This involves looking at a specific piece of code, identifying a security flaw, and implementing a fix for that flaw. The course is full of hands on exercises where you can apply practical techniques that you can use to prevent common attacks.

Topics Covered

  1. Web Application Attacks
  2. Web Application Proxy
  3. Validation Concerns
  4. Validation Techniques
  5. Authentication
  6. Session management
  7. Servlet access control
  8. Encryption
  9. Encryption of data in transit with JSSE
  10. Encryption of data at rest with JCA
  11. String immutability
  12. Integer and Double Overflows
  13. Numeric data issues
  14. Race conditions
  15. Collections
  16. Singletons

Twitter Updates

Speakers @ Glance

Howard Schmidt

John Bumgarner

John Bumgarner

Roberto Suggi

Roberto Suggi

Charlton Smith

Charlton Smith

Kevvie Fowler

Kevvie Fowler

Nitin Kumar

Nitin Kumar

Vipin Kumar

Vipin Kumar

Aviram Jenik

Aviram Jenik

Cedric Blancher

Cedric Blancher

Mano Paul

Mano Paul

Fyodor Yarochkin

Fyodor Yarochkin

Bryan Fite

Bryan Fite

Shreeraj Shah

Shreeraj Shah

Sumit Siddharth

Sumit Siddharth

Lavakumar Kuppan

Lavakumar Kuppan

Follow Us On

Facebook Group FeedBurner Linked In Group Twitter YouTube