Course Number: ECSP

Duration: 5 Days

Software defects, bugs, and flaws in program logic are the root cause of most software vulnerabilities. Analyses by software security practitioners consistently attribute the majority of vulnerabilities to programming errors, so it has become crucial for organizations to educate their software developers in secure coding practices.

Attackers scan applications and servers for security vulnerabilities and attempt to exploit them to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Sound programming techniques and best practices should be used to develop high-quality code that resists web application attacks; secure programming is a defensive measure against attacks targeted at application systems.

Course Objectives

Module 01: Introduction to Java Security

Discusses the need for Secure Coding

Briefs on the basics of Java Security

Illustrates the Java Security Platform

Defines Sandbox and how it protects users from hostile applications

Explains the concept of Java Virtual Machine

Defines the concept of Class Loading

Demonstrates the class file verification through Bytecode Verifier

Explains how Security Manager prevents untrusted code from executing

Briefs on the set of Security Policies

Illustrates Java Security Framework

Module 02: Secure Software Development

Discusses the concept of Secure Software Development

Briefs on the fundamentals of Threat Modeling

Illustrates Software Security Frameworks

Discusses Secure Design and Coding Patterns

Discusses System Quality Requirements Engineering

Describes Software Security Testing

Briefs on the basics of Secure Code Review and related vulnerabilities

Discusses various Source Code Analysis Tools

Module 03: File Input/Output and Serialization

Briefs on the basics of File Input/Output in Java

Discusses various secure File I/O coding practices

Briefs on File input/output best practices

Discusses various File I/O standard guidelines

Explains the fundamental concepts of Serialization

Illustrates various secure coding practices in Serialization

Discusses important Serialization best practices

Provides key guidelines to Serialization
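
As an added illustration of the secure serialization practices this module covers (example code written for this page, not material from the course or from CertFirst), the following Java 9+ program applies a deserialization allow-list with ObjectInputFilter. The Invoice class, the filter pattern and the sample object graphs are all constructed for the demonstration: only Invoice may be reconstructed, depth and array sizes are bounded, and any other class in the stream is refused before it is loaded.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Constructed business object that the application legitimately exchanges.
class Invoice implements Serializable {
    private static final long serialVersionUID = 1L;
    final String customer;
    final long amountCents;

    Invoice(String customer, long amountCents) {
        this.customer = customer;
        this.amountCents = amountCents;
    }
}

public class SerializationFilterDemo {

    // Allow-list filter (Java 9+): Invoice and String are permitted, "!*" rejects
    // every other class before it is loaded; maxdepth/maxarray bound the resources a
    // hostile object graph can consume. The same pattern can be applied JVM-wide
    // with -Djdk.serialFilter=... instead of per stream.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=3;maxarray=1000;Invoice;java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);   // must be set before readObject()
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new Invoice("ACME", 12_500));
        Invoice inv = (Invoice) deserialize(good);
        System.out.println("accepted: " + inv.customer + " " + inv.amountCents);

        // Constructed stand-in for attacker-controlled bytes: a class outside the
        // allow-list (here a plain ArrayList) is rejected by the filter.
        byte[] untrusted = serialize(new ArrayList<>(List.of("x")));
        try {
            deserialize(untrusted);
            System.out.println("BUG: untrusted graph was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Save as SerializationFilterDemo.java and run with `java SerializationFilterDemo.java`. The rejected case surfaces as an InvalidClassException with "filter status: REJECTED"; the filter runs on class descriptors as they are read, so gadget classes never get a chance to execute their readObject methods.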

Module 04: Input Validation

Explains the concept of Input Validation

Discusses various Data Validation Techniques

Describes in detail the Struts Validator and Input Validation

Explains in detail Input Validation and HTML Encoding

Discusses fundamentals of Prepared Statement

Gives information about the basics of CAPTCHA

Describes in detail Stored Procedures and Input Validation

Discusses secure Character Encoding

Illustrates common errors that occur in input validation process

Discusses best practices in Input Validation
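
As an added example for this module (written for this page, not code from the course or from CertFirst), the Java program below shows allow-list input validation beside the two database access patterns the module contrasts: the string-concatenated query that is open to SQL injection, and the PreparedStatement form that binds the value as a parameter. The users table, column names and the java.sql.Connection passed into the lookup methods are assumptions; the connection would be supplied by the application through any JDBC driver, and main exercises only the validators so the file runs offline.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Optional;
import java.util.regex.Pattern;

public class InputValidationDemo {

    // Allow-list for a username field: ASCII letters, digits, '.', '_' and '-',
    // 3 to 32 characters. Quotes, semicolons, whitespace and control characters
    // never match, so the value is rejected rather than "cleaned up".
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9._-]{3,32}$");

    // Fails closed: the caller gets the validated value or nothing at all.
    static Optional<String> validateUsername(String raw) {
        if (raw == null || !USERNAME.matcher(raw).matches()) {
            return Optional.empty();
        }
        return Optional.of(raw);
    }

    // Typed validation for a numeric identifier: parse, then range-check.
    // The constructed upper bound stands in for whatever the data model allows.
    static Optional<Integer> validateId(String raw) {
        try {
            int id = Integer.parseInt(raw.trim());
            return (id > 0 && id <= 1_000_000) ? Optional.of(id) : Optional.empty();
        } catch (NumberFormatException | NullPointerException e) {
            return Optional.empty();
        }
    }

    // VULNERABLE: the value is spliced into the SQL text, so an input such as
    // bob' OR '1'='1 changes the meaning of the query.
    static String lookupEmailUnsafe(Connection db, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = '" + username + "'";
        try (Statement st = db.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // HARDENED: the query text is fixed at compile time; the value travels as a
    // bound parameter and is never parsed as SQL, whatever characters it contains.
    static String lookupEmail(Connection db, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate names, an injection attempt,
        // a too-short value and one carrying a statement separator.
        String[] names = { "alice_01", "carol.smith", "bob' OR '1'='1", "a", "eve;DROP TABLE users" };
        for (String n : names) {
            System.out.printf("%-22s -> %s%n", n,
                    validateUsername(n).map(v -> "OK").orElse("REJECTED"));
        }
        String[] ids = { "42", " 7 ", "-1", "1e3", "9999999", "abc" };
        for (String i : ids) {
            System.out.printf("%-22s -> %s%n", i,
                    validateId(i).map(v -> "OK: " + v).orElse("REJECTED"));
        }
    }
}
```

Validation and parameter binding are complementary: the allow-list keeps unexpected data out of the application, and the prepared statement guarantees that whatever does reach the database is treated as data even if a validation rule is later relaxed.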

Module 05: Error Handling and Logging

Discusses the basics of Exceptions and Error Handling

Illustrates various Erroneous Exceptional Behaviors

Gives information about Do’s and Don’ts in Error Handling

Discusses the best practices in Error Handling

Describes the fundamentals of Logging in Java

Discusses the basics of secure Logging using Log4j

Discusses secure coding in Logging

Briefs on secure practices in Logging

Module 06: Authentication and Authorization

Briefs on the basics of Authentication

Illustrates various types of Authentication and Authorization methods

Discusses in detail the implementation methods of Declarative and Programmatic

Explains the process for the implementation of Kerberos

Describes Client Certificate Authentication in Tomcat

Explains in detail Certificate Generation with Keytool

Discusses Authentication weaknesses and prevention

Briefs on the basics of Authorization and Access Control Model in Java

Explains the concept of Servlet Containers and how users are authorized through Servlets

Describes EJB authorization controls

Discusses Authorization common mistakes and countermeasures

Module 07: JAAS

Gives information on the fundamentals of JAAS

Gives a high-level overview of the JAAS Architecture

Discusses salient features of Pluggable Authentication Module (PAM) Framework

Explains various access permissions through Authentication in JAAS

Describes various login events through Authentication Steps in JAAS

Explains in detail policy- and security-based Authorization in JAAS

Briefs on JAAS Permissions through Java Security Model

Discusses various best practices for Securing Tomcat Server

Module 08: Java Concurrency and Session Management

Describes various concepts of Java Concurrency

Discusses the fundamentals of Java Memory Model

Gives information about various Java Thread Implementation methods

Explains about secure coding for threads

Describes the concept of race conditions

Explains in detail deadlock, secure practices and preventive measures

Discusses the best practices in handling threads

Briefs on the fundamentals of Secure Session Management

Provides various best coding practices for Sessions

Discusses the guidelines for Secure Sessions

Module 09: Java Cryptography

Discusses the need for and basics of Java Cryptography

Describes in detail Encryption, KeyGenerator and Secret Keys

Illustrates the implementation of the Cipher Class

Discusses Digital Signatures, the Signature Class and Signed Objects

Defines the SSL/TLS protocol and describes how it is supported in JSSE

Explains in detail Key Management Systems and Keystores

Describes in detail Signing Jars and Signed Code Sources

Discusses Do’s and Don’ts, along with the best practices in Java Cryptography

Module 10: Java Application Vulnerabilities

Briefs on the strengths and weaknesses of Java applications

Discusses various Java Application Vulnerabilities

Explains Cross-Site Scripting (XSS) and various countermeasures

Describes the Cross-Site Request Forgery (CSRF) attack and prevention techniques

Describes the Directory Traversal vulnerability and techniques to avoid it

Discusses the basics of the HTTP Response Splitting attack and prevention methods

Discusses Parameter Manipulation and prevention techniques

Describes various types of Injection Attacks and countermeasures to avoid them
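
As an added example for two of the vulnerabilities this module lists (written for this page, not code from the course or from CertFirst), the Java program below implements the standard countermeasures for XSS and for Directory Traversal: contextual HTML output encoding of untrusted data, and resolving a requested file name against a fixed base directory and checking the normalised path. The base directory, the script payload and the request strings are constructed for the demonstration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public class WebVulnDemo {

    // Output encoding for HTML element content and quoted attribute values: the
    // characters that can close a text or attribute context become entities, so an
    // injected <script> tag is displayed as text instead of being executed. Other
    // contexts (JavaScript, URL, CSS) need their own encoders.
    static String encodeForHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Directory traversal guard: resolve the request under the base directory,
    // normalise away "." and ".." segments, then require the result to remain inside.
    // Checking the normalised absolute path defeats "../../etc/passwd", "a/../../x"
    // and absolute paths alike; scanning for the literal ".." does not.
    static Optional<Path> resolveInside(Path baseDir, String requested) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(requested).normalize();
        return target.startsWith(base) ? Optional.of(target) : Optional.empty();
    }

    public static void main(String[] args) {
        String payload = "<script>alert(document.cookie)</script>";   // constructed
        System.out.println("<p>" + encodeForHtml(payload) + "</p>");

        Path base = Paths.get("/srv/app/files");                      // constructed base
        String[] requests = { "report.pdf", "2024/q1.csv", "../../etc/passwd", "a/../../x", "/etc/shadow" };
        for (String r : requests) {
            System.out.printf("%-20s -> %s%n", r,
                    resolveInside(base, r).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

The path check works on lexical paths only; where the base directory may contain symbolic links, resolve the candidate with toRealPath() and compare that against the real base so a link cannot point the normalised path back outside the directory.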


For more information on how CertFirst can assist you, please contact us.
