This advanced course shows experienced developers of Java web applications how to secure those applications and to apply best practices with regard to secure enterprise coding. Authentication, authorization, and input validation are major themes, and students get good exposure to basic Java cryptography for specific development scenarios, as well as thorough discussions of HTTPS configuration and certificate management, error handling, logging, and auditing.
Generally, be prepared to develop secure Java web applications, or to secure existing applications by refactoring as necessary
Define security constraints and login configurations that instruct the web container to enforce authentication and authorization policies
Validate user input aggressively, for general application health and specifically to foil injection and XSS attacks
Configure a server and/or application to use one-way or two-way HTTPS
Apply application-level cryptography where necessary
Secure log files and establish audit trails for especially sensitive information or actions
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.