• Online, Instructor-Led
Course Description

Securing Java Web Services is a lab-intensive, hands-on JEE security training course, essential for experienced enterprise developers who need to produce secure JEE-based web services. In addition to teaching basic programming skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle.

Learning Objectives

Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections
Be able to test web applications with various attack techniques to determine the existence and effectiveness of layered defenses
Prevent and defend against the many potential vulnerabilities associated with untrusted data
Understand the concepts and terminology behind supporting, designing, and deploying secure services
Appreciate the magnitude of the problems associated with service security and the potential risks associated with those problems
Understand the currently accepted best practices for supporting the many security needs of services
Understand the vulnerabilities associated with authentication and authorization within the context of web services
Be able to detect, attack, and implement defenses for authentication and authorization functionality
Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
Be able to detect, attack, and implement defenses against XSS and Injection attacks
Understand the concepts and terminology behind defensive, secure coding
Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web services
Design and develop strong, robust authentication and authorization implementations within the context of JEE
Understand the fundamentals of XML Digital Signature as well as how it can be used as part of the defensive infrastructure for web services
Understand the fundamentals of XML Encryption as well as how it can be used as part of the defensive infrastructure for web services
Understand and defend against vulnerabilities that are specific to XML and XML parsers

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.