Skill Up Card - Course Bundles

Pricing is per delegate, giving you huge savings over the cost of individual courses.

  • Ireland = €2,400 per Skill Up Card
skill up card logo - Nexus Human

Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J)

4.6 out of 5 rating Last updated 18/01/2025   English

Jump to outline

Click "Enquire" below to find out more about this course

Interested in available dates? Would like to book a private session of this course for your company? Or for any other queries please simply fill out the form below.


Duration

4 Days

24 CPD hours

Overview

Working in a dynamic, lab-intensive hands-on coding environment you’ll learn to:
Ensure that any bug hunting is performed in a safe and appropriate manner
Identify defect/bug reporting mechanisms within their organizations
Work with specific tools for targeted vulnerabilities
Avoid common mistakes that are made in bug hunting and vulnerability testing
Understand the concepts and terminology behind defensive, secure coding including the phases and goals of a typical exploit
Develop an appreciation for the need and value of a multilayered defense in depth
Understand potential sources for untrusted data
Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
To test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
Prevent and defend the many potential vulnerabilities associated with untrusted data
Understand the vulnerabilities of associated with authentication and authorization
Detect, attack, and implement defenses for authentication and authorization functionality and services
Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
Detect, attack, and implement defenses against XSS and Injection attacks
Understand the risks associated with XML processing, file uploads, and server-side interpreters and how to best eliminate or mitigate those risks
Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure

Description

Attacking and Securing Java EE Web Applications is a lab-intensive, hands-on Java EE security training course that provides a unique coverage of Java application security. In this course, students begin with penetration testing, hunting for bugs in Java web applications. They then thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads, CSRF and direct object references). Students will repeatedly attack and then defend various assets associated with fully functional web applications and services. This hands-on approach drives home the mechanics of how to secure JEE web applications in the most practical of terms.Students will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications.

Why Hunt Bugs
  • Security and Insecurity
  • Dangerous Assumptions
  • Attack Vectors
Safe and Appropriate Bug Hunting/Hacking
  • Working Ethically
  • Respecting Privacy
  • Bug/Defect Notification
  • Bug Bounty Programs
Removing Bugs
  • Open Web Application Security Project (OWASP)
  • OWASP Top Ten Overview
  • Web Application Security Consortium
  • CERT Secure Coding Standards
  • Bug Hunting Mistakes to Avoid
  • Tools and Resources
Principles of Information Security
  • Security Is a Lifecycle Issue
  • Minimize Attack Surface Area
  • Layers of Defense: Tenacious D
  • Compartmentalize
  • Consider All Application States
  • Do NOT Trust the Untrusted
  • Tutorial: Working with Eclipse (JEE Version) and Apache TomEE 7x
  • Tutorial: Working with the HSQL Database
Unvalidated Data
  • Buffer Overflows
  • Integer Arithmetic Vulnerabilities
  • Unvalidated Data: Crossing Trust Boundaries
  • Defending Trust Boundaries
  • Whitelisting vs Blacklisting
A1: Injection
  • Injection Flaws
  • SQL Injection Attacks Evolve
  • Drill Down on Stored Procedures
  • Other Forms of Injection
  • Minimizing Injection Flaws
A2: Broken Authentication
  • Quality and Protection of Authentication Data
  • Handling Passwords on Server Side
  • SessionID Risk Reduction
  • HttpOnly and Security Headers
A3: Sensitive Data Exposure
  • Protecting Data Can Mitigate Impact
  • In-Memory Data Handling
  • Secure Pipes
  • Failures in TLS/SSL Framework
A4: XML External Entities (XXE)
  • XML Parser Coercion
  • XML Attacks: Structure
  • XML Attacks: Injection
  • Safe XML Processing
A5: Broken Access Control
  • Access Control Issues
  • Excessive Privileges
  • Insufficient Flow Control
  • Unprotected URL/Resource Access
  • Examples of Shabby Access Control
  • Sessions and Session Management
A6: Security Misconfiguration
  • System Hardening: IA Mitigation
  • Application Whitelisting
  • Least Privileges
  • Anti-Exploitation
  • Secure Baseline
A7: Cross Site Scripting (XSS)
  • XSS Patterns
  • Persistent XSS
  • Reflective XSS
  • DOM-Based XSS
  • Best Practices for Untrusted Data
A8/9: Deserialization/Vulnerable Components
  • Deserialization Issues
  • Identifying Serialization and Deserializations
  • Vulnerable Components
  • Software Inventory
  • Managing Updates
A10: Insufficient Logging and Monitoring
  • Fingerprinting a Web Site
  • Error-Handling Issues
  • Logging In Support of Forensics
  • Solving DLP Challenges
Spoofing, CSRF, and Redirects
  • Name Resolution Vulnerabilities
  • Fake Certs and Mobile Apps
  • Targeted Spoofing Attacks
  • Cross Site Request Forgeries (CSRF)
  • CSRF Defenses
SDL Overview
  • Attack/Defense Basics
  • Types of Security Controls
  • Attack Phases: Offensive Actions and Defensive Controls
  • Secure Software Development Processes
  • Shifting Left
  • Actionable Items Moving Forward
Applications: What Next
  • Common Vulnerabilities and Exposures
  • CWE/SANS Top 25 Most Dangerous SW Errors
  • Strength Training: Project Teams/Developers
  • Strength Training: IT Organizations
  • Leveraging Common AppSec Practices and Control
Making Application Security Real
  • Cost of Continually Reinventing
  • Paralysis by Analysis
  • Actional Application Security
  • Additional Tools for the Toolbox
Additional course details:

Nexus Humans Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) Course

Available Delivery Options for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training.
  • Live Instructor Led Classroom Online (Live Online)
  • Traditional Instructor Led Classroom (TILT/ILT)
  • Delivery at your offices in London or anywhere in the UK
  • Private dedicated course as works for your staff.
How many CPD hours does the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training provide?

The 4 day. Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training course give you up to 24 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

What is the correct audience for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training?

This is an intermediate -level programming course, designed for experienced Java developers who wish to get up and running on developing well defended software applications. Familiarity with Java and Java EE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge.

Do you provide training for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J).

Yes we provide corporate training, dedicated training and closed classes for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J). This can take place anywhere in Ireland including, Dublin, Cork, Galway, Northern Ireland or live online allowing you to have your teams from across Ireland or further afield to attend a single training event saving travel and delivery expenses.

What is the duration of the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) program.

The Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training takes place over 4 day(s), with each day lasting approximately 8 hours including small and lunch breaks to ensure that the delegates get the most out of the day.

Why are Nexus Human the best provider for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J)?
Nexus Human are recognised as one of the best training companies as they and their trainers have won and hold many awards and titles including having previously won the Small Firms Best Trainer award, national training partner of the year for Ireland on multiple occasions, having trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times. Learning Performance institute (LPI) external training provider sponsor 2024.
Is there a discount code for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training.

Yes, the discount code PENPAL5 is currently available for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.

Jump to dates

Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill, become unavailable. To mitigate the risk we include training insurance for each delegate enrolled on our public schedule, they are welcome to sit on the same Public class within 6 months at no charge, if the case arises.

What people say about us


Top

}