Introduction to Common Web Application Vulnerabilities, How to Implement and Test Attack Defenses & More
Secure Java Web Application Development is a seminar style course designed for Java web developers and technical stakeholders who need to produce secure Java web applications. Our web app security expert will share how to integrate security measures into the development process. You will also explore core concepts and challenges in web application security, showcasing real world examples that illustrate the potential consequences of not following these best practices.
Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time examining a poorly designed (from a security perspective) web application, you are ready to learn how to build secure web applications starting at project inception. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.
Students who attend Secure Java Web Application Development will gain an understanding of how to recognize actual and potential software vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course introduces the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a coding perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses.
Guided by our application security expert, you will explore how to:
Need different skills or topics? If your team requires different topics or tools, additional skills or a custom approach, this course may be further adjusted to accommodate. We offer additional Java / JEE programming, secure coding, secure software development, hacking, database security, bug hunting and other related topics that may be blended with this course for a track that best suits your needs. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.
This is an introductory-level, lecture and demonstration style course, designed to provide technical application project stakeholders with a first look or baseline understanding of how to develop well-defended web applications. Real-world programming experience is highly recommended for the code reviews, but not required.
Take Before: Students should have basic development skills and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Please see the Related Courses Tab for Pre-Requisite course specifics and links, links to similar courses you might review as an alternative, as well as suggested Next-Step Follow-On Courses and Learning Path recommendations.
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most. Topics, agenda and labs are subject to change, and may adjust during live delivery based on audience interests, skill-level and participation.
Session: Bug Hunting Foundation
Lesson: Why Hunt Bugs?
Lesson: Safe and Appropriate Bug Hunting/Hacking
Session: Moving Forward From Hunting Bugs
Lesson: Removing Bugs
Session: Foundation for Securing Web Applications
Lesson: Principles of Information Security
Session: Bug Stomping 101
Lesson: Unvalidated Data
Lesson: A1: Injection
Lesson: A2: Broken Authentication
Lesson: A3: Sensitive Data Exposure
Lesson: A4: XML External Entities (XXE)
Lesson: A5: Broken Access Control
Session: Bug Stomping 102
Lesson: A6: Security Misconfiguration
Lesson: A7: Cross Site Scripting (XSS)
Lesson: A8/9: Deserialization/Vulnerable Components
Lesson: A10: Insufficient Logging and Monitoring
Lesson: Spoofing, CSRF, and Redirects
Session: Moving Forward
Lesson: Applications: What Next?
Lesson: Making Application Security Real
Additional Topics: Time Permitting
Lesson: Cryptography Overview
Lesson: Scanning Applications Overview
This lecture / demo style course includes course notes and other related resources for review after class.