Java Advanced Secure Coding v3.0

Course Description

Java Advanced Secure Coding continues where Java Security Fundamentals leaves off. This course discusses advanced coding concepts and significant platform security features and applies them to practical use cases to address typical business security challenges. We cover preventing injection attacks, platform authentication and access control, cryptography, secure network communications, public key infrastructure, and web security, along with a summary of newer features introduced in Java 8/9.

Learning Objectives

  • Learn about platform authentication and access control libraries, cryptography, and secure communications over untrusted networks
  • Learn PKI concepts and relevant Java platform security controls, such as the CertPath API, PKIX, and OCSP/CRL revocation services
  • Apply practical ideas to defend against SQL injection, XML parser attacks, CSRF, XSS, URL attacks, HTTP response redirect attacks, and more, using the Java platform as well as third-party security libraries, such as those published by OWASP

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Advanced

Intended Audience:

  • Architects
  • Front-End Developers
  • Back-End Developers

Prerequisites: Java Security Fundamentals

Course Outline

Introduction

  • Preventing Injection
  • Authentication and Access Control
  • Cryptography
  • Secure Communications
  • Public Key Infrastructure (PKI)
  • Web Security
  • Important Security Features in Java SE 8–11

Preventing Injection

  • Introduction to Preventing Injection
  • Defending Against SQL Injection: JDBC Prepared Statements
  • Encoding Reserved Control Sequences Within Untrusted Input
  • XML Parser Defense

Authentication and Access Control

  • Java Authentication and Authorization Service (JAAS)
  • Policy Management
  • Sandbox Security
  • Hot Waters: Building Your Own Security Controls

Cryptography

  • Managing Passwords
  • Ciphers
  • Digital Signatures
  • Secure Random Number Generation
  • Heartbleed Bug

Secure Communications

  • Java Secure Socket Extension
  • GSS-API
  • SASL-API

Public Key Infrastructure

  • Java’s PKI Model Support
  • Trust Management in Java
  • Java CertPath API
  • Storing Keys/Secrets
  • Revocation Services

Web Security

  • Cross-Site Request Forgery Defense
  • CSRF Defense Example
  • Advice for Defending Against CSRF Attacks
  • Open Redirect Defense
  • URL Validation
  • HTTP Security Response Headers
  • User Interface Security

Important Security Features

  • Security Changes for Java 8
  • Security Changes for Java 9
  • Brief Considerations When Upgrading to Java 9
  • Security Changes for Java 11
