Secure Java

This one-day training course will answer all your questions and dilemmas. You will learn how to properly protect your code and applications (and more). Trust the specialists … the use of a dedicated “Security Officer” is equal to opening the gate for intruders.

The “Secure Java” one-day training course will make you aware of the risks and show how to strengthen the weakest link, which is usually us. Together with the participants, we will analyse selected attacks on Java and the JVM, all to enable defence and safer Java code development. Secure Java, as this training course presents it, is the result of conscious actions by software developers: it relies less on built-in mechanisms or on SecurityManager calls, which are expensive in terms of performance, and more on avoiding certain elements of Java and writing simple code with security mechanisms built in.

The course lasts one day and ends with a 1.5-hour test. You can get a certificate!

Course programme:

1) Security … at various levels: physical and remote access, social engineering techniques, physical, hardware and software protection, rights and privileges. Protecting configuration (password files, their storage, encryption, etc.).

2) Secure Java, or the Java Security Manager and its related components. Methods of attacking and protecting the JVM and Java. Good practices (including those related to writing code). Exercises related to: security design, finding attack vectors, analysing social engineering techniques, file encryption with passwords, attempts to break the security mechanisms built into well-known solutions (JBoss, Wildfly, Hibernate, etc.), API design for security.

3) Web applications and security: authentication, roles, the most important risks, the most popular attack methods. In this part of the course the topics are selected to meet your specific expectations.

Below is an example set of weaknesses according to the OWASP risk rating:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure

4) Construction of software and selected security tools… We will step slightly away from Java itself here, to look at the issue from a broader perspective. We will rely on the principle that “security is only as strong as the weakest link …”. We will discuss methods of attack aimed at stealing code, and we will identify ways to defend against them.

The training ends with an on-line test. The participants of the course take the test in the presence of the examiner.
