Java Security Training

Categories: PHP, WordPress, Laravel
Duration: 40 Hours
Lesson: 10 Lessons
Type: Online Training
Includes: Course Material

Course Overview

Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.
  • Training by Realtime Expert trainer
  • Live Online Classes
  • Free study material
  • Online virtual classes available in the morning, in the evening and on weekends

Prerequisites

  • Java programming experience is assumed, covering both structured and object-oriented techniques.
  • Knowledge of Java EE architecture and development is also required, though extensive practical experience with Java EE development is not strictly necessary.

Duration

Online
  • The format is 40% theory, 60% Hands-on.
  • It is a 20-day program with sessions of up to 2 hours each.
Corporate
  • The format is 40% theory, 60% Hands-on.
  • It is a 5-day program with sessions of up to 8 hours each.
Classroom
  • Private classroom sessions are arranged on request; the minimum number of attendees per batch is 4.

Content

  • Java SE Security
    • Holistic Security Practices
    • Threats to the User
    • The Class Loader and Bytecode Verifier
    • System Classes and the Core API
    • SecurityManager and AccessController
    • Permissions
    • Implication
    • CodeSources
    • Policies
    • Configuring Java SE Security
    • Dynamic Policies
    • Privileged Actions
  • Code Signature and Key Management
    • Encryption and Digital Signature
    • Keystores
    • Keys and Certificates
    • Certificate Authorities
    • The KeyStore API
    • Signing JARs
    • Signed CodeSources
    • Additional Policy Semantics
  • Secure Development Practices: Java SE
    • Code Injection
    • Final Classes and Methods
    • Singletons, Factories, and Flyweights
    • Methods, Collections, and Data Hiding
    • Sealing JARs
    • Code Obfuscation
    • Object Serialization
  • Cryptography
    • Threats to Identity and Privacy
    • The Java Cryptography Extensions
    • The Signature Class
    • SignedObjects
    • The Java Cryptography Extensions
    • SecretKeys and KeyGenerator
    • The Cipher Class
    • Dangerous Practices
    • HTTP and JSSE
  • JAAS
    • Pluggable Authentication Logic
    • JAAS
    • Packages and Interfaces
    • Subjects and Principals
    • ANDs and ORs
    • Impersonation Methods
    • Permissions for JAAS Use
    • LoginContext and LoginModule
    • Configuring JAAS
    • CallbackHandler and Callbacks
    • Implementing a JAAS Client
    • Implementing a LoginModule
  • Java EE Security
    • Java EE Servers as Code Hosts
    • Tomcat Security Configuration
    • Declaring Roles
    • Securing URLs
    • HTTP Authentication Schemes
    • Securing EJBs
    • Programmatic Security
    • JAAS in Java EE
    • Realms and LoginModules
    • JAAS in Tomcat
    • JACC
    • Certifying a Java EE Application
    • HTTPS Configuration
  • Secure Development Practices: Java EE
    • Presentation-Tier Vulnerabilities
    • User Accounts
    • MVC and Security
    • Validating User Input
    • SQL Injection
    • Cross-Site Scripting
    • Reflected XSS
    • Defeating XSS
    • OWASP
    • Penetration Testing
    • Error Handling and Information Leakage
    • Logging and Auditing
  • Conclusion

Course Calendar

1 Sep 2022