Defensive Programming for Java EE Web Applications

Course Description

Defensive Programming for Java EE Web Applications picks up where Java Security Fundamentals and Java Advanced Secure Coding leave off. This course covers important features and information for Java EE application designers. You’ll learn about common security concerns across the enterprise, as well as methods and features to strengthen enterprise solutions. The course also includes relevant information beyond platform specifications and features, such as the transfer of Java EE specifications from Oracle to the Eclipse Foundation.

Learning Objectives

  • Understand and apply security features provided by the Java EE framework
  • Anticipate and address common security challenges across Java EE applications
  • Prepare for platform changes that may impact your Java EE solution

Details

Delivery Format: eLearning

Duration: 45 Minutes

Level: Intermediate

Intended Audience:

  • Back-End Developers
  • Enterprise Developers
  • Architects

Prerequisites:

 

Course Outline

Introduction

  • Java EE Architecture
  • Container Security
  • Transport Security
  • Messaging Security
  • Java Enterprise Non-Web Risks

Container Security

  • Encoding Reserved Control Sequences Within Untrusted Input
  • Data Validation
  • Container Authentication and Authorization
  • Data Sources and Sinks
  • Session Management
  • Bean Validation API

Transport Security

  • Secure Transport Techniques
  • Common Security Concerns

Messaging Security

  • Generating/Processing API Service Tokens
  • Securing SOAP/XML Messages
  • Common Security Concerns
  • Equifax 2017 Incident
