Defensive Java Programming for EE Web Applications

Course Description

The Java Enterprise Edition (JEE) platform provides powerful tools for developing robust distributed applications. Although not web-centric, the JEE platform includes a significant number of web-specific specifications, including JavaServer Pages (JSP) and JavaServer Faces (JSF). Unsurprisingly, it is one of the most popular platforms for implementing large-scale, web-enabled enterprise applications.

Like other web applications, JEE web applications are affected by common problems such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and session management weaknesses. Building upon the OWASP Top 10 course, this course provides a comprehensive overview of the security issues and developer pitfalls that affect web applications written in Java. It teaches students to identify and mitigate vulnerabilities included in, but not limited to, the Open Web Application Security Project (OWASP) Top Ten taxonomy. Framework-specific remediation advice is also provided for the popular Model-View-Controller (MVC) frameworks Struts, Spring, and JSF. Additionally, the course teaches secure configuration best practices to further harden web applications.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Understand the overall approach to securing web applications
  • Describe security risks common to JEE web applications
  • Identify security vulnerabilities in JEE web applications
  • Apply defensive programming techniques to write secure JEE web applications


Delivery Format & Duration:

  1. Live traditional or virtual classroom (8 Hours)
  2. eLearning (2.5 hours)

Intended Audience:

  • Developers
  • QA engineers
  • Architects
