
Secure Coding – 2 Days

Course Description – Secure Coding

Today, attackers have achieved tremendous successes while software developers are only beginning to learn about secure coding. This secure coding course is for developers who want to defend against such attacks. It is intended for software architects and engineers and gives them practical, hands-on experience through a combination of about 50% lecture and 50% demonstration work with student participation.

Intended Audience

Software Architects, Developers

What You Will Learn

  • Understand what security is
  • Add basic, programmatic security to your code
  • Understand how to defend against an attack
  • Understand how to secure resources

Prerequisites

  • Familiarity with any programming language
    • However, Java is preferred, since many labs are in Java
  • Be able to navigate the Linux command line
  • Basic knowledge of command line Linux editors (VI / nano)

Lab Environment

A working environment is provided for students, who only need an SSH client and a browser.
Zero Install: there is no need to install software on students’ machines.

Outline

  • Fundamentals
    • Why and what?
    • Characteristics of application security
    • Basic security mechanisms
  • Basic Security within Java SE 8
    • Mutability of objects
    • Variable, method, class, and package scopes
    • Thread safety
    • Exception handling
    • Input validation
  • Basic Security at the EE level
    • Role-based authentication
    • Specifying security constraints
    • Programmatic security
    • Declarative security
  • Programming Against an Attack
    • Denial of Service (DoS)
    • SQL injection
    • Large files
    • XML and HTML issues
    • LDAP injection
    • XPath injection
    • Password storage
  • Defensive Programming
    • Error handling in the Java EE space
    • Type annotation syntax and the Checker Framework
    • Application-layer security
    • Transport-layer security
    • Message-layer security
    • Secure connections using SSL
  • Java Security
    • REST endpoint security
      • OAuth2 token-based authentication and authorization
      • OAuth2 server setup
      • Embedded token server, token lifecycle, and management
      • REST security best practices:
        • Authorization
        • Input validation
        • Output encoding
        • Cryptography
        • HTTP status codes
    • Developing secure Java applications
      • Safe coding and design patterns
      • How to find vulnerable code while doing a code review
      • The most common pitfalls
    • JavaScript security
      • How to manage secure PII data on end-client apps (mobile app, browser, tablet)
      • Versions: OAuth2, Angular4
      • Cross-site scripting (XSS)
      • Cross-site request forgery (CSRF)
      • Common JavaScript vulnerabilities
      • JavaScript security analyzers
  • Securing Resources
    • Authentication mechanisms
    • Using form-based login
    • Digital certificates
    • Using JDBC Realm
    • Securing HTTP resources
    • Securing application clients
MindIQ.com 