Java Security Fundamentals

Course Description

No matter what product or service you’re building, understanding Java platform security is an essential foundation. In this course, you’ll learn platform security concepts along with practical security knowledge you can immediately apply to your own project. You’ll write secure code using platform APIs and identify common mistakes. This course is beneficial whether you’re building desktop applications, web applications, service infrastructure, the Internet of Things (IoT), or embedded applications.

Learning Objectives

  • Tackle Java platform security concepts and architecture
  • Implement public key infrastructure (PKI) and Java trust management concepts
  • Write secure code using Java SE APIs
  • Avoid common platform security pitfalls

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Beginner

Intended Audience: 

  • Front-End Developers
  • Back-End Developers
  • Architects

Prerequisites: None

Course Outline

Introduction

  • Security Libraries

Platform Security

  • Strong Data Typing
  • Automated Garbage Collection
  • Secure Class Loading
  • Bytecode Verification
  • Exception Handling

Operational Concerns—Java Platform Security

  • SDLC Security
  • Strategic Design for Security
  • Certify Your Software Against Supported Java Runtime Environments (JREs)
  • Principles of Least Privilege (POLP)
  • Secure by Default

Data Validation

  • Sanitization and Validation
  • Security Validation: Blacklisting and Whitelisting

Logging

  • Getting Started with Logging
  • Logging Domains
  • Logging Security Use Cases
  • Design, Implementation, and Testing Considerations
  • Events to Log
  • Event Attributes
  • Security Logging with OWASP
  • Logging Technology

Advanced Coding Concept

  • Avoid String for Volatile Secrets
  • Avoid Deserializing Objects From Untrusted Sources
  • Java Native Interface (JNI) Bypasses Platform Safety Controls and Buffer Overflows
  • XEE/XXE XML Attacks
