GS-35F-0556S
Contact Us
Toll Free 877.932.8228

Skip navigation

Home

Course Catalog

Technology Training

Business Training

About Us

The class was great. It met all of our expectations. Thank you for being flexible with us.... More Testimonials »

Home > Java > Java Fundamentals > Java Security Training

Java Security Training

Delivery Options

Customized Onsite Training (3 days): Request a Proposal

Class Description

Class Overview

This course exposes students to the broad range of challenges and techniques that is "Java security." Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that students will be exposed to SE basics such as access controller, permissions, and policies; and also traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform.

The course emphasizes hands-on exercise, and students will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible - students begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc.

This version of the course targets Java SE 6 and Java EE 5, but it is largely applicable to Java SE 5 and J2EE 1.4 as well, and groups looking for Java training who know they'll be using those earlier platforms are encouraged to use this course. For training within the J2SE 1.4 environment, please see version 1.4 of this course.)

Class Goals

Design and implement security policies for Java applications, servers, and components.
Manage keys and certificates for a Java application, and sign code sources as necessary.
Practice secure design and coding, and balance usability with security in UI and API.
Sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE.
Incorporate JAAS authentication into an application.
Implement a JAAS LoginModule to connect to your own application data.
Secure Java EE applications by URL and role, and integrate JAAS authentication.
Avoid common pitfalls of Java web applications, including SQL injection and cross-site-scripting attacks.

Class Outline

Java SE Security
1. Holistic Security Practices
2. Threats to the User
3. The Class Loader and Bytecode Verifier
4. System Classes and the Core API
5. SecurityManager and AccessController
6. Permissions
7. Implication
8. CodeSources
9. Policies
10. Configuring Java SE Security
11. Dynamic Policies
12. Privileged Actions
Code Signature and Key Management
1. Encryption and Digital Signature
2. Keystores
3. Keys and Certificates
4. Certificate Authorities
5. The KeyStore API
6. Signing JARs
7. Signed CodeSources
8. Additional Policy Semantics
Secure Development Practices: Java SE
1. Code Injection
2. Final Classes and Methods
3. Singletons, Factories, and Flyweights
4. Methods, Collections, and Data Hiding
5. Sealing JARs
6. Code Obfuscation
7. Object Serialization
Cryptography
1. Threats to Identity and Privacy
2. The Java Cryptography Extensions
3. The Signature Class
4. SignedObjects
5. The Java Cryptography Extensions
6. SecretKeys and KeyGenerator
7. The Cipher Class
8. Dangerous Practices
9. HTTP and JSSE
JAAS
1. Pluggable Authentication Logic
2. JAAS
3. Packages and Interfaces
4. Subjects and Principals
5. ANDs and ORs
6. Impersonation Methods
7. Permissions for JAAS Use
8. LoginContext and LoginModule
9. Configuring JAAS
10. CallbackHandler and Callbacks
11. Implementing a JAAS Client
12. Implementing a LoginModule
Java EE Security
1. Java EE Servers as Code Hosts
2. Tomcat Security Configuration
3. Declaring Roles
4. Securing URLs
5. HTTP Authentication Schemes
6. Securing EJBs
7. Programmatic Security
8. JAAS in Java EE
9. Realms and LoginModules
10. JAAS in Tomcat
11. JACC
12. Certifying a Java EE Application
13. HTTPS Configuration
Secure Development Practices: Java EE
1. Presentation-Tier Vulnerabilities
2. User Accounts
3. MVC and Security
4. Validating User Input
5. SQL Injection
6. Cross-Site Scripting
7. Reflected XSS
8. Defeating XSS
9. OWASP
10. Penetration Testing
11. Error Handling and Information Leakage
12. Logging and Auditing

Class Materials

All students receive a course manual or book and all the class examples.

Students in private onsite classes will also receive:

Technical Reference Library

Class Prerequisites

Experience in the following areas is required:

Solid Java programming experience is assumed
Though extensive practical experience with Java EE development is not necessary, some knowledge of Java EE architecture and development is also recommended

Technical Requirements

Our computer technical requirements and setup process is easy, with support just a click away.

Course technical requirements and setup instructions.

Java ^®, all Java-based marks, Hibernate ^®, and all Hibernate-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S. and other countries.

Quick Links

Client Success

Join The Team

Learn how you can become a Webucator Trainer
Career Opportunities

Training Classes

Locations

Where We've Trained
Some of the Cities in which Webucator has Trained:
1. Phoenix, AZ
2. Pittsburgh, PA
3. Portland, OR
4. Providence, RI
5. Raleigh, NC
6. Sacramento, CA
7. St. Louis, MO
8. San Diego, CA
9. San Francisco, CA
10. San Jose, CA
11. Santa Clara, CA
12. Seattle, WA
13. Sunnyvale, CA
14. Tallahassee, FL
15. Tempe, AZ
16. Toronto, ON
17. Tucson, AZ
18. Tulsa, OK
19. Virginia Beach, VA
20. Washington, DC
1. Fort Worth, TX
2. Hampton, VA
3. Hollywood, FL
4. Houston, TX
5. Huntsville, AL
6. Indianapolis, IN
7. Jacksonville, FL
8. Las Vegas, NV
9. Lexington, KY
10. Los Angeles, CA
11. Louisville, KY
12. Madison, WI
13. Memphis, TN
14. Milwaukee, WI
15. Nashville, TN
16. New York, NY
17. Oklahoma City, OK
18. Omaha, NE
19. Ottawa, ON
20. Philadelphia, PA
1. Amarillo, TX
2. Atlanta, GA
3. Aurora, IL
4. Austin, TX
5. Baltimore, MD
6. Beaumont, TX
7. Boston, MA
8. Buffalo, NY
9. Calgary, AB
10. Cary, NC
11. Chandler, AZ
12. Chicago, IL
13. Cincinnati, OH
14. Cleveland, OH
15. Colorado Springs, CO
16. Columbus, OH
17. Dallas, TX
18. Dayton, OH
19. Denver, CO
20. Detroit, MI
We have trainers all over North America.
1. Indianapolis, IN
2. Boston, MA
3. Silver Spring, MD
4. Portland, ME
5. Detroit, MI
6. Minneapolis, MN
7. Kansas City, MO
8. St. Louis, MO
9. Jackson, MS
10. Charlotte, NC
11. Nashua, NH
12. Atlantic City, NJ
13. Newark, NJ
14. Jersey City, NJ,
15. Reno, NV
16. Philadelphia, PA
17. Calgary, Canada
18. Toronto, Canada
1. Phoenix, AZ
2. Los Angeles, CA
3. Oakland, CA
4. San Diego, CA
5. San Francisco, CA
6. San Jose, CA
7. Santa Clara, CA
8. Sacramento, CA
9. Boulder, CO
10. Denver, CO
11. Hartford, CT
12. Fort Lauderdale, FL
13. Fort Myers, FL
14. Orlando, FL
15. Tallahassee, FL
16. Atlanta, GA
17. Boise, ID
18. Chicago, IL

Live eLearning

Like a class you would go to, but you don't have to go anywhere. More...

Customized Onsite Training

The trainer comes to you and delivers a class customized for your team. More...

Self-Paced eLearning

Our least expensive option. You proceed through the course entirely at your own pace. More...

Reference Library

Partner Programs

Courseware

Microsoft Partner

» Certified Microsoft Courses

» Software Assurance Training Vouchers