Video description
Secure design is essential to building and deploying secure Java programs. But even the best of designs can result in insecure programs if developers are not aware of the numerous potential security pitfalls in Java programming.
This course begins with a detailed explanation of common programming errors encountered in Java. It then takes you through security issues intrinsic to the Java programming language and its associated libraries. Later, you will gain insight into the poor programming practices that lead to vulnerable code, and learn how to code securely and maintain secure development practices throughout the software development life cycle.
In this course, you will learn about the input validation defences that can be used to protect against common application vulnerabilities, and how to conduct application security testing of web applications to assess their vulnerabilities. In addition, you will learn how to secure Java applications using the Spring Security framework, a powerful and highly customizable authentication and access-control framework.
By the end of this course, you will be able to drive the development of a holistic application security program in Java.
Table of Contents
Chapter 1: Introduction to Java Security
Course Overview
Understanding Application Security, Threats, and Attacks
Historical Vulnerabilities and Exploits
The Java Security Model
Chapter 2: Secure Application Design
Introduction to Secure Design
Gathering Security Requirements
Application Threat Modeling
Secure Application Design and Architecture
Secure Deployment and Maintenance
Chapter 3: Secure Coding Practices for Cryptography
Introduction to Java Cryptography
Using Java Cryptography Architecture and Third-Party APIs
Common Cryptographic Errors
Chapter 4: Secure Coding Practices for Error Handling
Introduction to Java Exceptions
Failing to Properly Handle Exceptions
Data Leaks in Error Messages
Chapter 5: Concurrency and Race Conditions
Introduction to Concurrency
The Java Memory Model
Concurrency and Race Condition Vulnerabilities
Chapter 6: Secure Coding Practices for Web Applications
Introduction to Java Web Applications
Securing Communications with Java Secure Socket Extension (JSSE)
Web Service Attacks and Security
Input Sanitization and Validation
Chapter 7: Secure Coding Practices for Authentication, Authorization, and Session Management
Introduction to Authentication and Authorization
Java Authentication and Authorization Service (JAAS)
Authentication and Access Control with the Spring Security Framework
Chapter 8: Static and Dynamic Application Security Testing
Introduction to Application Security Testing
Manual Code Review
Using Static Analysis Tools
Dynamic Application Security Testing
Integrating Code Review into the SDLC