Defensive Programming for JavaEE Web Apps

Course Description

The Java Enterprise Edition (JEE) platform provides powerful tools for developing robust distributed applications. Although not web-centric, the JEE platform includes a significant number of web-specific specifications, including Java Server Pages (JSP) and Java Server Faces (JSF). Not surprisingly, it is one of the most popular platforms for implementing large-scale, web-enabled enterprise applications.

Like other types of web applications, JEE web applications are affected by common problems such as SQL Injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and session management issues. Building on the OWASP Top 10 course, this course provides a comprehensive overview of the security issues and developer pitfalls that affect web applications written in Java. This course teaches students to identify and mitigate vulnerabilities included in, but not limited to, the Open Web Application Security Project (OWASP) Top 10 taxonomy. The course also provides alternative remediation advice for popular model-view-controller (MVC) frameworks such as Struts, Spring, and JSF. Additionally, the course teaches students secure configuration best practices to further harden web applications.

Course themes

  • Review the basic constructs of the Java platform as they pertain to software security
  • Outline secure ways for handling errors, data input, and data output
  • Illustrate common security errors and how they might appear in your source code
  • Recommend best practices for engineering security features

Learning Objectives

  • Comprehend the overall approach to securing Web applications.
  • Describe security risks common to JEE Web applications.
  • Identify security vulnerabilities in JEE Web applications.
  • Apply defensive programming techniques to write secure JEE Web applications.


Delivery Format: eLearning

Duration: 75 Minutes

Level: Advanced

Intended Audience:

  • Front-End Developers
  • Back-End Developers
  • QA Engineers
  • Architects

Competencies: Familiarity with Java and JSP

