Java Development for Secure Systems

1. Java SE Security
* Holistic Security Practices
* Threats to the User
* The Class Loader and Bytecode Verifier
* System Classes and the Core API
* SecurityManager and AccessController
* Permissions
* Implication
* CodeSources
* Policies
* Configuring Java SE Security
* Dynamic Policies
* Privileged Actions

2. Code Signature and Key Management
* Encryption and Digital Signature
* Keystores
* Keys and Certificates
* Certificate Authorities
* The KeyStore API
* Signing JARs
* Signed CodeSources
* Additional Policy Semantics

3. Secure Development Practices: Java SE
* Code Injection
* Final Classes and Methods
* Singletons, Factories, and Flyweights
* Methods, Collections, and Data Hiding
* Sealing JARs
* Code Obfuscation
* Object Serialization

4. Cryptography
* Threats to Identity and Privacy
* The Java Cryptography Extensions
* The Signature Class
* SignedObjects
* SecretKeys and KeyGenerator
* The Cipher Class
* Dangerous Practices
* HTTP and JSSE

5. JAAS
* Pluggable Authentication Logic
* JAAS
* Packages and Interfaces
* Subjects and Principals
* ANDs and ORs
* Impersonation Methods
* Permissions for JAAS Use
* LoginContext and LoginModule
* Configuring JAAS
* CallbackHandler and Callbacks
* Implementing a JAAS Client
* Implementing a LoginModule

6. Java EE Security
* Java EE Servers as Code Hosts
* Tomcat Security Configuration
* Declaring Roles
* Securing URLs
* HTTP Authentication Schemes
* Securing EJBs
* Programmatic Security
* JAAS in Java EE
* Realms and LoginModules
* JAAS in Tomcat
* JACC
* Certifying a Java EE Application
* HTTPS Configuration

7. Secure Development Practices: Java EE
* Presentation-Tier Vulnerabilities
* User Accounts
* MVC and Security
* Validating User Input
* SQL Injection
* Cross-Site Scripting
* Reflected XSS
* Defeating XSS
* OWASP
* Penetration Testing
* Error Handling and Information Leakage
* Logging and Auditing