This course exposes students to the broad range of challenges and techniques that is "Java security." Secure coding practice for Java incorporates techniques for Java SE and Java EE, and increasingly EE applications are using SE techniques such as policy files and JAAS authentication. This course spends some time on each platform, so that students will be exposed to SE basics such as access controller, permissions, and policies; and also traditional EE techniques such as web-security declarations and the EJB authorization model. Best-practice chapters wrap up coverage of each platform.
Learn to design and implement security policies for Java applications, servers, and components and to manage keys and certificates for a Java application, and sign code sources as necessary. Practice secure design and coding, and balance usability with security in UI and API. Learn to sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE. Learn to incorporate JAAS authentication into an application and to implement a JAAS LoginModule to connect to your own application data. Learn to secure Java EE applications by URL and role, and integrate JAAS authentication and to avoid common pitfalls of Java web applications, including SQL injection and cross-site-scripting attacks.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.