Java Training Overview
This course exposes students to the broad range of challenges and techniques that make up "Java security." Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that students will be exposed to SE basics such as the access controller, permissions, and policies, and also to traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform.
The course emphasizes hands-on exercises, and students will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible: students begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc.
This version of the course targets Java SE 6 and Java EE 5, but it is largely applicable to Java SE 5 and J2EE 1.4 as well, and groups looking for Java training who know they'll be using those earlier platforms are encouraged to use this course. (For training within the J2SE 1.4 environment, please see version Secure Systems.)
Java Training Prerequisites
Java Training Learning Objectives
Java Training Course duration
3 Days
Java Training Course outline
1. Java SE Security
2. Code Signature and Key Management
3. Secure Development Practices: Java SE
4. Cryptography
5. JAAS
6. Java EE Security
7. Secure Development Practices: Java EE
Appendix A. Learning Resources
System Requirements
Hardware minimum: 500 MHz, 256 MB RAM, 500 MB disk space
Hardware recommended: 1.5 GHz, 512 MB RAM, 1 GB disk space
Operating system: Tested on Windows XP Professional. Course software should be viable on all systems that support a Java 6 Developer's Kit.
Software: All tools are free downloads.