Securing Java Web Applications Outline

(443) 692-6600 | info@umbctrainingcenters.com

ABOUT US Locations Management Mission Partnerships PROGRAMS Agile Biotechnology Certified Financial Planner Cybersecurity Engineering Human Resources Information Technology Instructional Design Leadership Development Online Programs Project Management Sonography Systems Engineering Test Preparation CLASS SCHEDULE GROUP TRAINING Customers Discounts Locations Programs Mobile Lab REGISTRATION How to Register Discounts Financial Assistance CONTACT INFO Locations Employment Opportunities Facebook Twitter NEWS & EVENTS

Securing Java Web Applications

Course Description | Outline | Information Security Training | IT Training

Chapter 1. Secure Web Applications

Threats and Attack Vectors

Server, Network, and Browser Vulnerabilities

Secure Design Principles

GET vs. POST

Container Authentication and Authorization

HTML Forms

Privacy Under /WEB-INF

HTTP and HTTPS

Other Cryptographic Practices

SOA and Web Services

The OWASP Top 10

Chapter 2. Authentication and Authorization

HTTP BASIC and DIGEST Authentication Schemes

Declaring Security Constraints

User Accounts

Safeguarding Credentials in Transit

Replay Attacks

Authorization Over URL Patterns

Roles

FORM Authentication

Login Form Design

EJB Authorization

Programmatic Security

Programmatic Security in JSF

Chapter 3. Secure Application Design

Single Points of Decision

Cross-Site Scripting

Validation vs. Output Escaping

Forceful Browsing

Cross-Site Request Forgery

Request Tokens

Injection Attacks

Protections in JDBC and JPA

Session Management

Taking Care of Cookies

Validating User Input

Validation Practices

Regular Expressions

JSF Validation

Chapter 4. HTTPS and Certificates

Digital Cryptography

Encryption

SSL and Secure Key Exchange

Hashing

Signature

Keystores

keytool

Why Keys Aren't Enough

X.509 Certificates

Certificate Authorities

Obtaining a Signed Certificate

Configuring HTTPS

Client-Side Certificates and Two-Way SSL

PKCS #12 and Trust Stores

CLIENT-CERT Authentication

Chapter 5. Application-Level Cryptography

The Java Cryptography Architecture

Secure Random Number Generation

The KeyStore API

The Signature Class

The SignedObject Class

The MessageDigest Class

The Java Cryptography Extensions

The SecretKey and KeyGenerator Types

The Cipher Class

Choosing Algorithms and Key Sizes

Dangerous Practices

Chapter 6. Secure Development Practices

Secure Development Cycle

Error Handling and Information Leakage

Failing to a Secure Mode

Logging Practices

Appropriate Content for Logs

Auditing

Strategies: Filters, Interceptors, and Command Chains

Penetration Testing

Back Doors