Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys. Click to learn more.

close search bar

Sorry, not available in this language yet

close language selection

Java Spring Security

Course Description

This course is your guide to building secure Java Spring applications. Throughout the course, we analyze what Spring Security can and cannot do for you. We’ll show you how to integrate advanced security mechanisms with only a few lines of code and configuration. In the end, you’ll have a solid understanding of the power of Spring Security, along with the gusto to start using Spring Security in your applications.

Learning Objectives

  • Understand what Spring Security brings to the table
  • Determine current best practices for building secure Java Spring applications
  • Describe how to use Spring Security’s authentication and authorization features in practice
  • Integrate a secret vault into a Spring application

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Intermediate

Intended Audience:

  • Back-End Developers
  • Enterprise Developers
  • Architects

Prerequisites: 

Course Outline

Securing Spring Applications

  • The Java Spring Ecosystem
  • The Spring Security Framework
  • Spring Security in Various Application Types
  • Course Overview

Common Web Vulnerabilities

  • Server-Side Injection Attacks
  • Client-Side Injection Attacks
  • Secure Data Transport
  • Overview of Current Best Practices

Configuring Security Headers

  • The Effect of Security Headers
  • Security Headers in Spring Security
  • Overview of Current Best Practices

User Authentication with Spring

  • User Authentication
  • Handling User Authentication in Spring
  • Using the "Remember Me" Feature
  • Common Attacks against Authentication Forms
  • Overview of Best Practices

Secure Password Storage

  • Password Storage Best Practices
  • Storing Passwords with Spring Security
  • Supporting Multiple Password Storage Mechanisms
  • Overview of Current Best Practices

Authentication with OpenID Connect

  • Why Using OpenID Connect?
  • Background on OpenID Connect
  • Integrating OpenID Connect in Spring
  • Overview of Current Best Practices

Implementing an Authorization Framework

  • Access Control Models
  • Leveraging Spring Security for Authorization
  • Avoiding Common Authorization Vulnerabilities
  • Overview of Current Best Practices

Advanced Authorization Scenarios

  • API Authorization with OAuth 2.0
  • Implementing a CORS Policy
  • Securely Exposing Websockets
  • Overview of Current Best Practices

Managing Secrets in Your Application

  • The Need for Secrets Management
  • The Benefits of Centralized Secret Storage
  • Using Spring Vault in Practice
  • Overview of Current Best Practices

Conclusion (Spring Security)

Overview of Current Best Practices

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster