This five-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming language and its associated libraries. The course is intended to be useful to anyone involved in developing secure Java programs, regardless of the specific application.
A basic to intermediate understanding of the Java programming language.
Software security knowledge or experience.
This course is designed for Java developers.
Participants will learn how to:
improve the overall security of any Java application
avoid injection attacks, such as SQL injection and XSS
understand Java's memory model, with a thorough grounding in concurrency, and prevent race conditions while avoiding deadlock
recognize when to throw and catch exceptions
avoid I/O vulnerabilities, including file-based race conditions
understand how historical exploits against Java were executed and later disabled
The CERT Oracle Secure Coding Standard for Java
Java Coding Guidelines
Classroom Labs and Exercises
Student Workstations