When does class start/end?
Classes begin promptly at 9:00 am, and typically end at 5:00 pm.
Attacking and Securing Java EE Web Applications is a lab-intensive, hands-on Java EE security training course that provides unique coverage of Java application security. In this course, students begin with penetration testing, hunting for bugs in Java web applications. They then thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads, CSRF and direct object references). Students will repeatedly attack and then defend various assets associated with fully functional web applications and services. This hands-on approach drives home the mechanics of how to secure JEE web applications in the most practical of terms.
Students will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course then introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a Java/JEE perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses.
Although this edition of the course is Java-specific, it may also be presented using .Net or other programming languages.
This is an intermediate-level programming course, designed for experienced Java developers who wish to get up and running on developing well-defended software applications.
Familiarity with Java and Java EE is required, and real-world programming experience is highly recommended. Ideally, students should have approximately 6 months to a year of Java and JEE working knowledge.
Students should have basic development skills and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Session: Bug Hunting Foundation
Session: Moving Forward From Hunting Bugs
Session: Foundation for Securing Web Applications
Session: Bug Stomping 101
Session: Bug Stomping 102
Session: Secure Development Lifecycle (SDL)
Session: Moving Forward with Application Security