Full course

Build Secure Java Web Applications

This intensive course, ideal for Java application developers, aims to demonstrate methods and approaches for developing secure Java web applications based on the Spring framework. It includes practical exercises based on Java Spring web applications.

Details

Course overview

The course gives Java web developers, particularly those working with the Spring framework, the knowledge and skills required to build secure web applications. The training covers a wide range of topics, including the identification and analysis of common Java-specific vulnerabilities, the implementation of secure coding practices within the Java and Spring ecosystems, and the adoption of industry-standard security frameworks and methodologies for Java-based web development. Participants engage in practical exercises on real-world Java web applications built on the Spring framework, allowing them to apply the concepts they have learned in a hands-on and engaging manner.

Requirements

  • Basic knowledge of the architecture and functioning of web applications

  • Basic knowledge of Java and optionally Spring

Course content

  • Introduction to Secure Code Writing: An overview of fundamental principles for writing secure code.

  • Secure SDLC (Software Development Life Cycle): Understanding the stages and methodologies involved in integrating security into the Software Development process.

  • Black Box Testing vs Code Review: Exploring different approaches to assessing the security of applications.

  • Secure Coding Principles: Understanding fundamental principles and techniques for securing code against common vulnerabilities.

  • Burp Suite Introduction: Introduction to Burp Suite, a popular tool used for web application security testing and analysis.

  • Bug Bounties: Understanding Bug Bounty programs and their role in enhancing application security.

  • Information Gathering: Techniques for gathering information about applications and potential vulnerabilities.

  • Application Fingerprinting: Identifying unique characteristics of applications for security purposes.

  • Improper Error Handling: Understanding common mistakes in error handling and their security implications.

  • Injection: Exploring injection vulnerabilities and techniques for defending against them.

  • Authentication: Understanding authentication vulnerabilities and best practices for implementing secure authentication mechanisms.

  • JWT: Understanding JSON Web Tokens and their role in authentication.

  • Authorization: Understanding authorization vulnerabilities and techniques for secure Access Control.

  • Application Logic: Strategies for preventing attacks that exploit flaws in application logic.

  • Sensitive Data Exposure In Transit: Techniques for securing sensitive data during transmission.

  • Sensitive Data Exposure At Rest: Methods for protecting sensitive data when stored.

  • Data Validation: Techniques for validating and sanitizing user input.

  • Open Redirect: Understanding and preventing Open Redirect vulnerabilities.

  • Arbitrary File Upload: Strategies for preventing vulnerabilities related to arbitrary file uploads.

  • Vulnerable Components: Understanding and mitigating vulnerabilities related to third-party components.

  • XXE: Understanding XML External Entity (XXE) vulnerabilities and mitigation techniques.

  • Session Management: Strategies for managing user sessions securely within web applications.

  • SSRF: Understanding Server-Side Request Forgery (SSRF) vulnerabilities and mitigation techniques.

  • CORS Security: Understanding Cross-Origin Resource Sharing (CORS) security and best practices.

  • CSP: Understanding Content Security Policy (CSP) and its role in web application security.

  • Clickjacking: Understanding and preventing clickjacking attacks.

  • Denial of Service: Understanding Denial of Service attacks and mitigation techniques.

  • Software and Data Integrity Failures: Understanding and preventing software and data integrity failures.

  • Spring Boot and Spring Security: Introduction to Spring Boot and Spring Security frameworks.

  • Spring Security vs .NET Security: A comparison between Spring Security and .NET security frameworks.

Your instructor

  • TBD Senior Instructor
